Incident

U.S. Treasury Department reports breach, stolen documents by hackers

The U.S. Treasury Department reports a cybersecurity breach in which Chinese state-sponsored threat actors gained unauthorized access through the third-party cloud service provider BeyondTrust.

The incident, discovered on December 8, 2024, has been classified as a "major incident" by the Treasury and involved the compromise of BeyondTrust, a third-party software provider responsible for cloud-based technical support services.

The incident resulted in unauthorized access to Treasury workstations and the exposure of unclassified documents, though the exact scope of the compromise remains undisclosed.

The Treasury Department initiated an investigation in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA), FBI, and forensic investigators. Assistant Secretary for Management Aditi Hardikar has confirmed that while the compromised service has been taken offline, investigations are ongoing to determine the full impact of the breach.

The exposed data and the number of affected individuals have not been disclosed.

The department credited its Cybersecurity Enhancement Account investments for providing robust incident processes and detailed logging capabilities that proved crucial in the incident response efforts.

According to the Treasury's statement, there is currently no evidence suggesting continued unauthorized access to their systems.

Update: as of January 17, 2025, the U.S. Treasury Department reports that the incident compromised the computers of senior officials and hundreds of employees. Treasury officials have classified the incident as a "major incident".

The unauthorized access affected multiple high-level officials' systems, including:

  • Secretary Janet Yellen's computer (fewer than 50 files accessed)
  • Deputy Secretary Wally Adeyemo's system
  • Acting Under Secretary Brad Smith's system
  • Over 400 employee laptops and desktops

Exposed Data Types:

  • Unclassified files (over 3,000)
  • Employee usernames
  • Employee passwords
  • Documents related to sanctions enforcement
  • Intelligence-related materials
  • International affairs documentation
  • Files connected to CFIUS (Committee on Foreign Investment in the US)
  • Law enforcement investigation materials