US Department of Treasury Hacked: Hackers stole sensitive documents in major cyber breach
The U.S. Department of Treasury revealed that hackers accessed sensitive documents in what has been described as a “major incident.” According to Reuters, Chinese state-sponsored hackers breached the department’s systems in December, exploiting vulnerabilities in a third-party cybersecurity provider, BeyondTrust. A letter to lawmakers detailed the breach, which has sparked significant concern.
The Washington Post added that the attackers targeted the Office of Foreign Assets Control (OFAC), which handles economic sanctions, as well as other high-profile areas like the Office of Financial Research and Treasury Secretary Janet Yellen’s office. These reports underscore the strategic nature of the attack, focusing on critical operations within the department.
“Chinese state-sponsored hackers breached the U.S. Treasury Department’s computer security guardrails this month and stole documents in what Treasury called a ‘major incident,’” Reuters reported.
How It Happened
The breach was first detected on December 8, 2024, when BeyondTrust alerted Treasury officials to unauthorized access. Hackers had compromised an API key used for technical support, enabling them to infiltrate workstations and access unclassified documents. The affected services were promptly taken offline, and there’s no current evidence of ongoing access.
The attack has been classified as a “major cybersecurity incident,” and the Treasury Department is working closely with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and other intelligence agencies to understand its full scope and impact.
US Treasury: Chinese Hackers Stole Sensitive Documents
The attackers reportedly set their sights on key offices within the Treasury, including those administering sanctions and financial research. These areas are instrumental in shaping U.S. foreign policy and economic strategies, making the breach particularly concerning.
Additionally, the Washington Post highlighted that one focus of the breach could have been identifying Chinese entities potentially facing U.S. sanctions. Sanctions have become a significant tool in U.S. policy, particularly against Chinese firms and individuals.
China Responds
Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, dismissed the allegations, calling them baseless and defamatory. The statement reiterated China’s stance against cyberattacks but did not directly address the specific claims regarding this breach.
Ongoing Investigation and Response
The Treasury Department has pledged to strengthen its cybersecurity measures in response to the incident. A supplemental report is expected to be submitted to lawmakers within the next 30 days, outlining the department’s findings and detailing additional security measures.
Broader Implications
This breach is the latest in a series of cyber incidents attributed to Chinese state-sponsored actors targeting U.S. government systems. It highlights ongoing tensions between Washington and Beijing, particularly as cybersecurity concerns continue to escalate. Treasury’s response to this breach will likely be closely monitored as a barometer for broader efforts to secure government infrastructure.
In a world where sensitive data increasingly drives geopolitical strategy, breaches like these serve as a stark reminder of the stakes involved in protecting digital frontiers.
Below is a copy of the letter sent to the US lawmakers.
[Embedded document: letter to Chairman Brown and Ranking Member Scott]