Treasury data breach overview:
- Who: The Department of the Treasury reportedly told lawmakers Chinese threat actors hacked it last month.
- Why: The department allegedly says hackers used a stolen vendor key to access Treasury workstations and unclassified documents.
- Where: The Department of the Treasury manages the financial resources of the United States.
The Department of the Treasury reportedly disclosed to lawmakers that it was hacked by Chinese hackers in early December.
The department, which is calling the breach a “major incident,” says BeyondTrust, a third-party software service provider, informed it that hackers remotely accessed Treasury workstations and unclassified documents using a stolen key, CNN reports.
In a statement to CNN, the Department of the Treasury says there is no evidence the threat actor still has access to its systems or information and that it is working with law enforcement and the Cybersecurity and Infrastructure Security Agency in the wake of the Treasury data breach.
In a letter to lawmakers, the department attributed the data breach to a Chinese state-sponsored “advanced persistent threat” actor, CNN reports.
A spokesperson for China’s Foreign Ministry reportedly denied involvement in the data breach when asked about the incident during a news briefing late last month.
Treasury to hold classified briefing with House Financial Services Committee
The Department of the Treasury reportedly says it plans to hold a classified briefing about the Treasury data breach incident with the House Financial Services Committee at a time to be determined.
In its letter to lawmakers, it says BeyondTrust told it that hackers gained access to its systems using a stolen key the vendor used to secure a cloud-based service the Treasury uses for technical support, CNN reports.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury (Departmental Office) user workstations, and access certain unclassified documents maintained by those users,” the letter says, as reported by CNN.
BeyondTrust reportedly identified the security incident Dec. 2; it notified affected customers it confirmed “anomalous behavior” Dec. 5.
It is unclear how many Treasury workstations the data breach affected, according to CNN, which says the department revealed the hackers accessed “several.”
In other recent data breach-related news, Rhode Island state officials disclosed last month that a data breach involving RIBridges, its online portal for obtaining social services, affected hundreds of thousands of residents.
Are you concerned about the Treasury data breach? Let us know in the comments.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
Washington residents: Did you receive a ‘refer a friend’ text for Capital One, Venmo, Tesla, Coinbase, or another company?
September 23, 2025 | Legal News
6 thoughts onChinese hackers breach US Treasury workstations
Include me.
Please add me
I am very concerned about it. It stated “several” workstations were accessed. The main thing is that it does not state what areas the workstations have access to. Also, were the workstations of lower level employees or upper management?
Please add me
I tried to warn the FBI several times about a group of hackers hiding on my computer. They were from all over China, Russia etc and I could see particular items that they were creating to invade several of the top internet groups one being Google and I saw that they hacked into the main frame of the FBI themselves showing various employees with their personal information. I tried to warn them by even going to the office directly and I was turned away by the security guard. The whole thing was just bizarre. It’s like they didn’t care.
Yes include me