The Treasury Department's cybersecurity breach, attributed to Chinese state-sponsored actors, has not yet shown signs of impacting other federal agencies, according to the Cybersecurity and Infrastructure Security Agency (CISA). However, Congress is demanding further clarification, requesting a briefing by January 10th.
Early December's attack saw hackers exploit a third-party software provider, BeyondTrust, to gain access to unclassified Treasury workstations. This involved obtaining a key to override security protocols, a significant security lapse.
CISA confirmed its collaboration with both the Treasury Department and BeyondTrust to assess and mitigate the breach's consequences. They stress the importance of protecting federal systems and data crucial to national security. Further updates will be provided as warranted.
While no wider federal impact has been reported, Senate and House oversight committees are pressing for more information. Senators Tim Scott (R-SC) and French Hill (R-AR) expressed concerns regarding the sensitivity of the compromised data, including tax information, business ownership details, and suspicious activity reports. They highlighted the need to safeguard this information from foreign adversaries like China.
The Treasury Department has pledged to provide a formal update within 30 days as mandated. The lawmakers’ demand for a January 10th briefing underscores the gravity of the situation and the desire for swift and transparent action.
