This is is front page news on the Wall St Journal for Tuesday. The US has indicted four Chinese nationals, three of them identified as Ministry of State Security (MSS) officials, for hacking Microsoft Exchange service going back ten years. The fourth individual worked at a Chinese front company that aided in the hacking. Apparently the hack allowed China to read all the email on Microsoft Exchange servers going back ten years.
I would suggest anyone running Microsoft Exchange look for some other email server. We must suspect the Microsoft had the Windows software people, creators of the most insecure operating system in the world, do the code for Microsoft Exchange Server.
My other suggestion to all is to consider email to be compromised. Never put anything in email that you would not want to post on the bulletin board down at the local supermarket. Use a phone call, or go out to the customers site rather than expose damaging data by email.