Microsoft has provided recovery keys to the FBI to unlock encrypted data on three laptop hard drives as part of a federal investigation, Forbes reported this information on Friday.

Many modern Windows computers rely on full-disk encryption, called Bitlocker, which Enabled by default. This type of technology will prevent anyone other than the owner of the device from accessing the data if the computer is locked and powered off.

But, by default, BitLocker recovery keys are uploaded to Microsoft’s cloud, allowing the tech giant — and by extension law enforcement — to access them and use them to decrypt drives encrypted with BitLocker, as reported by Forbes .

The case involves several people suspected of fraud related to the pandemic unemployment assistance program on the US Pacific island of Guam. Local news outlet Pacific Daily News covered The lawsuit was filed last year, with reports that a warrant was served on Microsoft for the suspects’ hard drives. Kandit News, another local news outlet in Guam, Also report The warrant was requested six months after the FBI seized three laptops encrypted with BitLocker in October.

A Microsoft spokesperson did not immediately respond to TechCrunch’s request for comment. Microsoft told Forbes that the company sometimes provides BitLocker recovery keys to authorities, receiving an average of 20 such requests per year.

In addition to the privacy risks of handing over recovery keys to a company, Johns Hopkins professor and cryptography expert Matthew Green Possible scenarios arise Where malicious hackers compromise Microsoft’s cloud infrastructure — something like that happened several times In recent years — and get access to these recovery keys. Hackers will still need physical access to the hard drive to use the stolen recovery keys.

“It’s 2026 and these concerns have been known for years,” Green wrote in one Post to Bluesky. “Microsoft’s inability to protect critical customer keys has begun to make it an outlier from the rest of the industry.”