US Republican lawmakers call on Treasury to explain recent cyber breach

US Republican lawmakers call on Treasury to explain recent cyber breach

Two United States Republican Party lawmakers are calling on the Treasury Department to provide answers to how a Chinese state-sponsored entity hacked and accessed employee workstations.

In the Dec. 31 letter to US Treasury Secretary Janet Yellen obtained by Law360, Senator Tim Scott, a member of the Senate Banking Committee, and Representative French Hill, the House Financial Services Committee vice chair, asked for a full congressional briefing on the breach by Jan. 10.

Scott and Hill want the briefing to cover the information accessed by the hackers, specific details on how it occurred and steps the treasury has taken to ensure that similar incidents don’t happen in the future, adding: 

“This breach of federal government information is extremely concerning.”

“As you know, Treasury maintains some of the most highly sensitive information on US persons throughout government, including tax information, business beneficial ownership, and suspicious activity reports,” they said. 

The sectors said this information should be a priority to protect from theft or surveillance by foreign adversaries who might seek to harm the US.

“As such, the fact that a CCP [Chinese Communist Party]-sponsored APT [advanced persistent threat] actor was able to access Treasury’s information systems is unacceptable and raises serious questions about the protocols for safeguarding sensitive federal government information from future cybersecurity incidents,” the senators added.

Related: Crypto hacks, scam losses reach $29M in December, lowest in 2024

An unidentified threat actor breached employee workstations at the US Treasury on Dec. 2, gaining access to certain “unclassified” documents.

US Treasury officials told lawmakers in a Dec. 30 letter that the incident has been attributed to a Chinese state-sponsored APT actor.

The department said it would provide more details in a supplemental report in 30 days, as required under the Federal Information Security Modernization Act.

China has denied responsibility for the attack, telling Reuters it “firmly opposes the US’s smear attacks against China without any factual basis.”

Magazine: How crypto laws are changing across the world in 2025