Sen. Tim Scott, R-S.C., and Rep. French Hill, R-Ark., requested that the Treasury Department share more information with Congress on a cybersecurity hack of the department by a China state-sponsored actor.
The department first revealed the incident in a Dec. 30 letter to Senate Banking Committee leaders Scott and Sen. Sherrod Brown, D-Ohio.
In what Treasury described as a “major incident,” the department “was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users,” the letter stated. This allowed the actor to remotely access certain Treasury DO user workstations and gain access to certain unclassified documents managed by those users.
“This breach of federal government information is extremely concerning,” wrote Scott, the future chair of the Senate Banking Committee, and Hill, who’s slated to run the House Financial Services Committee, in a Dec. 31 letter to Treasury Secretary Janet Yellen.
“The fact that a (China state-sponsored) actor was able to access Treasury’s information systems is unacceptable and raises serious questions about the protocols for safeguarding sensitive federal government information from future cybersecurity incidents,” the lawmakers contended.
The letter requests that the department provide the congressional committees with a briefing on the incident laying out “specific details of the cybersecurity incident, including when and how it occurred and which … actor is responsible,” as well as the “type and extent of information accessed” by the actor.
The briefing should also cover “the extent to which Treasury was aware” of any cyber vulnerabilities related to the software services provided by BeyondTrust or any other third-party service provider working with Treasury prior to the incident, and Treasury should reveal any steps it has taken or plans to take “to ensure that a similar cybersecurity incident does not occur again.”
The Washington Post reported Jan. 1 that the hack targeted the Office of Foreign Assets Control, which administers and enforces economic sanctions, as well as the Office of the Treasury Secretary and Office of Financial Research, citing U.S. officials.
The Treasury Department did not immediately respond to a request for comment.
