The US Treasury Department says it was hacked in a China-linked cyberattack

Documents and workstations at the US Treasury Department were accessed during a cyberattack, The New York Times reports. The attack was linked to a “China state-sponsored Advanced Persistent Threat actor” and has been characterized as “a major cybersecurity incident.”

According to a letter the Treasury Department shared with lawmakers (via TechCrunch), US officials were made aware of the issue on December 8, when BeyondTrust, a third-party software company, shared that a security key used to provide technical support was used to access workstations and unclassified documents.

The Treasury Department said that it has worked with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to understand the full scope of the breach, but hasn’t shared how long files and workstations were accessible or what was actually accessed. Engadget has contacted the US Treasury Department and will update this article once we know more.

The cyberattack follows a similarly concerning, but separate breach of US telecom carriers that came to light in October 2024. That cyberattack was perpetrated by a Chinese hacking group referred to as “Salt Typhoon.” Attackers gained access to unencrypted SMS messages and call logs of politicians, government officials and others for months before the breach was discovered.