Treasury Department workstations were breached by China-backed hackers who then stole unclassified documents, according to multiple media reports posted Monday (Dec. 30).
The incident happened this month and was disclosed to lawmakers by the Treasury Department, Reuters reported Monday.
The hackers gained access to the Treasury workstations by compromising a third-party cybersecurity service provider and stealing a key the vendor used to secure a cloud-based service through which it provided tech support to Treasury Department offices end users, according to the report.
The Treasury Department is working to assess the impact of the attack with the help of the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), the report said.
CNN, which also reported on the hack, said officials described the attack as a “major incident.”
A Treasury spokesperson told CNN that there is no evidence that the hacker still has access to Treasury systems or information, per the report.
Treasury officials plan to discuss the breach with House Financial Services Committee staffers next week, in a confidential briefing, according to the report.
In an earlier, separate hack, it was reported in December 2020 that attacks by hackers linked to the Russian government against the Treasury Department, the Department of Commerce and its National Telecommunications and Information Administration unit were severe enough to trigger an emergency meeting of the National Security Agency at the White House.
One unnamed government official characterized that incident as “a huge cyber espionage campaign targeting the U.S. government and its interests.”
It was reported in October that Bank of America said in an investor note that 60% of organizations were hit by ransomware in 2023, the average payment increased fivefold compared to the previous year, and the average cost of a data breach had risen 10% in 2024.
“If cybercrime damage were a state, it would be the world’s third-largest economy,” the note said.
PYMNTS reported in July that data extortion and ransomware attacks launched by hackers had such a substantial impact on the businesses and marketplaces they targeted during the first half of 2024 that it was already “the year of the cyberattack.”
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More