Chinese Hackers Accessed Thousands Of Treasury Files, Including Yellen’s, Officials Told Lawmakers

Treasury and other law enforcement officials told lawmakers Wednesday that Chinese hackers gained access to more than 3,000 unclassified agency files as part of a cybersecurity breach last year, according to a person in the room for a classified briefing the agency gave House members on Capitol Hill.

Officials told lawmakers that the hackers accessed a small number of unclassified files belonging to top officials including Secretary Janet Yellen, Deputy Secretary Wally Adeyemo, and Acting Under Secretary Brad Smith, said the person, who was granted anonymity to discuss unclassified portions of a closed-door meeting. Other targets of the hack included the Committee of Foreign Investment in the United States and the Office of Foreign Assets Control.

The briefing, which was held in a secure room in the Capitol for members of the House Financial Services Committee, featured officials from Treasury, the Cybersecurity and Infrastructure Security Agency and the FBI. Officials are set to brief the Senate Banking Committee on the matter on Thursday.

The Treasury Department declined to comment.

A Chinese state-sponsored hacker gained access to the information between Sept. 30 and Nov. 18 via a third-party vendor the department uses, BeyondTrust. The firm informed Treasury on Dec. 8 that hackers gained access to its data via a vulnerability in a third-party product that it uses.

The hackers accessed 419 Treasury computers and at least 3,029 files, officials told lawmakers. An analysis of Treasury’s logs has found that only unclassified information was compromised, officials told lawmakers.

Treasury officials noted during the briefing that the hack came amid a heightened threat environment for online hacks. Officials told lawmakers that the department’s security infrastructure has successfully fended off numerous cyberattacks, leading hackers to shift their focus to third-party vendors.

The hack was more limited than other recent breaches, such as a 2023 incident in which Commerce Secretary Gina Raimondo’s emails were hacked.

Treasury officials also expressed concerns to lawmakers about BeyondTrust’s cooperation with its investigation into the breach and said the department is evaluating alternatives to the company.

“There was a lot discussion related to third-party contracting, and that will be an issue that will be on our table … just whether there are high-level policies we get wrong involving the use of third parties — when it’s appropriate and when it’s not,” said Rep. Bill Foster (D-Ill.).