Microsoft typically positions Copilot as a secure, enterprise-ready assistant designed to help employees summarise emails, draft responses and retrieve information from within their organisation’s systems.

What went down

The problem was initially highlighted by tech publication Bleeping Computer, which reported seeing a service alert referencing the issue. According to details cited in that report, Copilot Chat had been incorrectly processing emails marked with sensitivity labels, despite data loss prevention policies being configured to restrict such content.

Reports suggest Microsoft became aware of the issue in January. A related notice also appeared on an NHS England IT support dashboard, attributing the root cause to a code-related error. While the notice implied NHS systems were affected, the BBC reported that the organisation said that any processed draft or sent emails remained accessible only to their original authors and that patient data had not been exposed.