Officials told lawmakers this week that the hackers accessed a small number of unclassified files belonging to top officials, including those of Treasury Secretary Janet Yellen.
According to a Politico report, Treasury and other law enforcement officials told lawmakers Wednesday that Chinese hackers gained access to more than 3,000 unclassified agency files as part of a cybersecurity breach last year.
— annmarie hordern (@annmarie) January 17, 2025
Deputy Secretary Wally Adeyemo, and Acting Under Secretary Brad Smith were also impacted.
Other targets of the hack included the Committee of Foreign Investment in the United States and the Office of Foreign Assets Control.
Officials also briefed the Senate Banking Committee on the matter on Thursday, according to the report.
The Treasury Department declined to comment.
A Chinese state-sponsored hacker gained access to the information between Sept. 30 and Nov. 18 via a third-party vendor the department uses, BeyondTrust.
The firm informed Treasury on Dec. 8 that hackers gained access to its data via a vulnerability in a third-party product that it uses.
According to the report, the hackers accessed 419 Treasury computers and at least 3,029 files, officials told lawmakers.
An analysis of Treasury’s logs has found that only unclassified information was compromised, officials told lawmakers.
Treasury officials noted during the briefing that the hack came amid a heightened threat environment for online hacks.
Officials told lawmakers that the department’s security infrastructure has successfully fended off numerous cyberattacks, leading hackers to shift their focus to third-party vendors.
The hack was more limited than other recent breaches, such as a 2023 incident in which Commerce Secretary Gina Raimondo’s emails were hacked.
Treasury officials also expressed concerns to lawmakers about BeyondTrust’s cooperation with its investigation into the breach and said the department is evaluating alternatives to the company.
A spokesperson for the company said in a statement that “upon discovering the incident, BeyondTrust immediately contacted Treasury, as well as the FBI and CISA.”
“We continue to share information, including IOCs, CVEs and any other relevant details with our government partners to support their ongoing investigation,” the spokesperson said. “Providing transparency into this incident has been and remains our top priority.”
Rep. Bill Foster (D-Ill.), a senior House Financial Services member, said in an interview after coming out of the briefing Wednesday that “there was a lot discussion related to third-party contracting,” adding that the matter “will be on our table” this year.
He said lawmakers will look at “whether there are high-level policies we get wrong involving the use of third parties — when it’s appropriate and when it’s not.”