Chinese state-sponsored actors hacked into the Treasury Department in early December, accessing unclassified documents from its workstations, the agency said in a letter to lawmakers Monday.
The hackers stole a key from a third-party software service provider, BeyondTrust, and used it to override security and gain access to Treasury workstations, according to the letter from Treasury obtained by The Hill.
The agency is no longer using the compromised service, and there is no evidence the hackers still have access to Treasury information, it noted.
“Treasury takes very seriously all threats against our systems, and the data it holds,” the agency said in a statement.
“Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,” it continued.
The agency is working with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the intelligence community and third-party investigators to examine the incident, according to Monday’s letter.
It said it would supply lawmakers with additional information in 30 days — a requirement under current law for major cybersecurity incidents.
Rebecca Beitsch contributed to this report.
