Axios Codebook

May 28, 2024
Happy Tuesday! Welcome back to Codebook.
Today's newsletter is 1,301 words, a 5-minute read.
1 big thing: Microsoft mobilizes to regain customer trust
Microsoft has been actively briefing federal government IT and security leaders on its new plan to revamp its internal cybersecurity practices.
Why it matters: Microsoft is facing pushback in Washington among lawmakers and federal offices following a China hack last summer that exposed top officials' internal emails.
Zoom in: Steve Faehl, chief technology officer for Microsoft's federal security business, told a small group of reporters last week that he's been meeting with federal agencies' security teams to brief them on the company's new cybersecurity strategy.
- The strategy, known as the Secure Future Initiative, incentivizes company executives and employees to prioritize cybersecurity when designing products.
- Microsoft has met with CIOs, CISOs, threat intelligence teams and directors of security operations centers at federal agencies.
Driving the news: Microsoft president Brad Smith will testify next month before the House Homeland Security Committee about the new internal strategy and last summer's China hack.
- A government advisory board has said the hack was "preventable and should never have occurred."
Between the lines: Many of the goals laid out in the new initiative line up with recommendations in the advisory board's report, and Microsoft is likely to point to this ongoing work in other conversations across Washington as it does damage control.
Inside the room: Faehl told reporters that one of the top questions agency security leaders have after he presents the company's plans is, "Is this real?"
- In response, Faehl said, his team points to the goals it has either already completed or has started to make progress on, showcasing that the company is taking these new promises seriously.
- Once that message sinks in, many agencies have also started asking Microsoft for tips on how they can implement a similar cyber strategy in their own workplaces, Faehl said.
What they're saying: "They understand that the norms have changed and that things are different and that Microsoft is mounting a significant security effort," Faehl said about the federal agency meetings.
- "Getting more certainty around what that effort is is the focus of the majority of those conversations."
The big picture: Microsoft is up against competitors who are eager to bite into the tech giant's dominance in government services.
- Last week, Google released a white paper and blog post scrutinizing Microsoft's cyber practices.
- The company even started offering a discount for some of its services to government customers looking to move away from Microsoft.
- Other competitors have also taken jabs: Both CrowdStrike and Trellix have pages on their sites aimed at luring in Microsoft customers.
Yes, but: Microsoft isn't interested in taking the bait from competitors.
- "We don't see companies with alternative solutions, such as [cloud-service providers] and security vendors, as the competition," Faehl said. "We know that the U.S. government is a target - we are a target, as a result - and we are looking for partnerships to address those threats."
2. Exclusive: Data privacy platform lands $40M
Data compliance platform Transcend has raised a $40 million Series B round led by StepStone Group, the startup exclusively shared with Axios.
Why it matters: The new funding round will help the startup compete against legacy data privacy tools from OneTrust and others.
- Data privacy and identity management has proven to be one of the most stable outlets for cyber investors, despite an unpredictable macro environment.
Zoom in: Transcend has expanded in recent years from a platform that solely helps consumers navigate their own data privacy to a product suite that now helps companies respond to data deletion requests, opt-outs of third-party sales, and other regulatory requirements.
- Transcend's tools are able to find where user data lives throughout a company's business systems, export it and give it to the user, or simply delete it all, depending on the request.
- Today's Series B round brings Transcend's total raise to $90 million, the company said. Customers include LG Electronics, Plaid, Brex and Rippling, and a few Fortune 500 companies.
The big picture: Several U.S. states and countries around the world have enacted new data privacy laws that give customers new rights to opt out of the sale of their data to third parties, request that companies delete their information, and more.
- This has created a regulatory headache for companies, and forthcoming artificial intelligence regulations are likely to add to the list of responsibilities that security executives must consider.
What they're saying: "Customers are very clear that they want to have everything under one roof, and they need that to be actually technical enough to talk to the systems that are processing the data," Ben Brook, CEO and co-founder of Transcend, told Axios.
What's next: Brook says Transcend plans to use the funding to target a broader customer market.
- That includes making investments in the product, research and development, and bringing in more customers.
3. Ransomware gang claims Christie's hack
The RansomHub ransomware gang has taken credit for a cyberattack against renowned art auction house Christie's.
Why it matters: Christie's has yet to call the cyber "incident" a ransomware attack.
- The auction house returned its website and app to full functionality this month after battling a cyberattack.
Zoom in: RansomHub claimed in a dark web listing seen by Axios on Monday that it stole 2 gigabytes' worth of information from Christie's, including at least 500,000 private clients' sensitive information.
- A screenshot of the stolen data that RansomHub posted on its site suggests that some of the information includes passport numbers, birthdays and full names.
Between the lines: Ransomware gangs often name and shame their victims on their dark web site to pressure them into paying a hefty ransom.
- Gangs typically promise not to leak any stolen data and to provide a decryption key when a victim pays a ransom.
Yes, but: Many cybercriminal gangs are known to go back on their promises.
The intrigue: RansomHub is also trying to pressure Christie's into paying a ransom by suggesting the company will face hefty regulatory fines if the stolen data is published.
- "It is clear that if this information is posted they will incur heavy fines from GDPR as well as ruining their reputation with their clients and don't care about their privacy," the gang wrote in the post.
The big picture: RansomHub is a relatively new but quickly growing ransomware gang. Its first attack was in February.
- Last month, the gang also listed stolen data from the Change Healthcare ransomware attack for sale.
4. Catch up quick
@ D.C.
The number of fake X accounts posting about the U.S. presidential election grew tenfold in March and April, researchers found. (Reuters)
A European Union data protection task force hasn't come to any conclusive rulings on whether ChatGPT's data collection processes violate the bloc's privacy law, according to a new preliminary report. (TechCrunch)
China hawk lawmakers have growing concerns about the potential implications of Microsoft's $1.5 billion investment deal with Emirati AI company G42. (Politico)
@ Industry
OpenAI has created a new safety and security committee that will evaluate the company's safeguards and consult with several well-known security experts, including former National Security Agency official Rob Joyce and former Department of Justice official John Carlin. (Axios)
xAI, Elon Musk's AI startup, has raised $6 billion, marking one of the largest venture capital funding rounds of all time. (Axios)
@ Hackers and hacks
U.S. pharmaceutical giant Cencora has started notifying people that their personal medical information was stolen during a data breach this year. (TechCrunch)
Ascension, a health care organization that includes more than 140 hospitals and senior care centers across the U.S., hopes its "patients and clinicians will see progress" this week in its response to a recent ransomware attack. (The Record)
5. 1 fun thing
Now this is what I call an apology video.
- The annual SLEUTHCON conference in Arlington, Virginia, on Friday suffered a power outage part way through programming. They persevered and kept the show going anyway, as they always do.
See y'all Friday!
Thanks to Megan Morrone for editing and Khalid Adad for copy editing this newsletter.