A bicameral pair of lawmakers is demanding answers from the Treasury Department following a China state-sponsored breach of some of the department’s sensitive systems.
In a letter sent to Treasury Secretary Janet Yellen on Tuesday, the lawmakers called the breach a “major cybersecurity incident” involving a China state-sponsored Advanced Persistent Threat (APT) actor.
Software service provider BeyondTrust notified the Treasury Department in early December of the breach, explaining that the threat actor had gained access to a key used by the vendor for remotely supporting Treasury Departmental Offices end users.
Using the stolen key, the threat actor was able to override the service’s security and remotely access Treasury workstations and certain unclassified documents stored by those users.
“This breach of Federal government information is extremely concerning,” Senate Banking Committee Ranking Member Tim Scott, R-S.C., and House Financial Services Committee Vice Chairman French Hill, R-Ark., wrote in the letter.
Despite the hackers only accessing unclassified documents, the lawmakers warned, “As you know, Treasury maintains some of the most highly sensitive information on U.S. persons throughout government, including tax information, business beneficial ownership, and suspicious activity reports.”
“The fact that a CCP-sponsored APT actor was able to access Treasury’s information systems is unacceptable and raises serious questions about the protocols for safeguarding sensitive Federal government information from future cybersecurity incidents,” they added.
Sen. Scott and Rep. Hill are requesting a Treasury Department briefing on the details of the hack by Jan. 10. They want to know when and how the breach occurred, which China-sponsored APT actor is responsible, and what information was accessed by the threat actor.
Additionally, they want to know “the extent to which Treasury was aware, prior to the cybersecurity incident, of cybersecurity vulnerabilities related to the software services that BeyondTrust – or any other third-party software service provider – provides to Treasury.”
Finally, the lawmakers want to know what steps the Treasury Department is taking to ensure a similar breach does not happen again.