Republican lawmakers are swiftly urging the Treasury Department to provide answers on a recent cybersecurity attack from China that infiltrated various workstations, as outlined in a letter obtained by The Hill.
“This breach of federal government information is extremely concerning. As you know, Treasury maintains some of the most highly sensitive information on U.S. persons throughout government, including tax information, business beneficial ownership, and suspicious activity reports,” Sen. Tim Scott (R-S.C.), a ranking member on the Senate Banking Committee, and House Financial Services Committee Vice Chair French Hill (R-Ark.) wrote to Treasury Secretary Janet Yellen.
“This information must be vigilantly protected from theft or surveillance by our foreign adversaries, including the Chinese Communist Party (‘CCP’), who seek to harm the United States,” they wrote.
Chinese state-sponsored actors hacked into the Treasury Department in early December and accessed unclassified documents from its workstations, the agency told lawmakers last week. The hackers stole a key from a software service provider, BeyondTrust, and gained access to the department’s workstations.
Scott and Hill are requesting a briefing on the breach in eight days with full detail on the information accessed by the hackers, specifics on those responsible for the incident and how it will be prevented in the future, among other requests.
In an initial letter issued by the Treasury Department after the attack, the agency noted it is no longer using BeyondTrust and claimed there is no evidence the hackers still have access to the workstations.
The Treasury Department originally said it would provide Congress members with an update in 30 days as outlined by the law. However, Scott and Hill said they need answers sooner.
“Treasury takes very seriously all threats against our systems, and the data it holds,” the agency released in a statement immediately following the incident.
“Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,” the department’s statement reads.
