Lawmakers demand information on Chinese hack of Treasury Department
Republican lawmakers are calling on the Treasury Department to provide answers about the cybersecurity breach by China.
They told Treasury Secretary Janet Yellen the breach was “extremely concerning” because the department stores “the most highly sensitive information on U.S. persons throughout government, including tax information, business beneficial ownership, and suspicious activity reports.”
“This information must be vigilantly protected from theft or surveillance by our foreign adversaries, including the Chinese Communist Party (’CCP’), who seek to harm the United States,” said a Dec. 31 letter from Sen. Tim Scott of South Carolina, the top Republican on the Banking Committee, House Financial Services Vice Chair French Hill of Arkansas.
The department is required to give an update on the situation in 30 days, but the GOP lawmakers want it sooner.
They called the breach “unacceptable” and requested a briefing from the department no later than Jan. 10 about the incident. They said they wanted to know how much information the department knew about potential breach threats and what the department has done in the subsequent days to make sure a similar event doesn’t happen again.
The Treasury Department said late last month that a China state-sponsored actor infiltrated workstations and unclassified documents in early December.
“Treasury takes very seriously all threats against our systems, and the data it holds,” a department spokesperson said in a statement. “Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors.”
Treasury said it was alerted to the issue when third-party software service provider, BeyondTrust, flagged that hackers had stolen a key the company used and gained access.
Treasury has said there is no evidence that the hackers still have access and the compromised service has been taken offline. It also said it was working with the FBI and the Cybersecurity and Infrastructure Security Agency to investigate the hack.
