The Cybersecurity and Infrastructure Security Agency (CISA) said Monday there is “no indication” that other federal agencies were affected by the recent breach at the Treasury Department.
The Treasury Department revealed last week that Chinese government-backed actors hacked into Treasury Department workstations in early December and accessed unclassified documents.
The agency said in a letter to lawmakers that the hackers obtained the keys from BeyondTrust, a third-party software service provider, and used them to disable security and gain access to Treasury workstations. .
CISA said in a statement Monday that it was “working closely” with both the Treasury Department and BeyondTrust to “understand and mitigate the impact” of the breach.
“The security of federal systems and the data they protect is critical to national security,” the federal cyber watchdog added. “We are actively working to prevent further impact and will provide updates as necessary.”
The Treasury Department promised to provide updates to lawmakers within 30 days as required by law.
But the incoming chairs of the Senate Banking Committee and the House Financial Services Committee, which oversee the agency, on Tuesday asked Treasury Secretary Janet Yellen to explain the incident by Jan. 10.
“This breach of federal information is deeply concerning. As you know, the Treasury Department is releasing the most sensitive information about Americans, including tax information, corporate beneficial ownership, and suspicious activity reports, across the government. “We're managing it,” said Sen. Tim Scott (R) and Rep. French Hill (R). -Ark.) wrote.
“This information must be carefully protected from theft and surveillance by foreign adversaries, including the Chinese Communist Party (“CCP”), who seek to harm the United States,” they added.
