January 02, 2025

Scott, Hill Demand Answers from Treasury on China-Sponsored Cyber Hack

Washington, D.C. – Ranking Member Tim Scott (R-S.C.) and House Financial Services Committee Vice Chair French Hill (R-Ark.) are demanding answers following the China state-sponsored cybersecurity breach at the U.S. Department of Treasury. In a letter to Treasury Secretary Janet Yellen, Scott and Hill highlight concerns about the Department’s protocols for safeguarding sensitive federal government information and demand a detailed briefing on the incident.

“We write regarding the major cybersecurity incident that the Department of the Treasury disclosed to the Senate Banking and House Financial Services Committees yesterday involving a China state-sponsored Advanced Persistent Threat actor breaking into Treasury’s computer systems and remotely accessing information maintained by Treasury users. This breach of federal government information is extremely concerning. As you know, Treasury maintains some of the most highly sensitive information on U.S. persons throughout government, including tax information, business beneficial ownership, and suspicious activity reports. This information must be vigilantly protected from theft or surveillance by our foreign adversaries, including the Chinese Communist Party, who seek to harm the United States. As such, the fact that a CCP-sponsored APT actor was able to access Treasury’s information systems is unacceptable and raises serious questions about the protocols for safeguarding sensitive federal government information from future cybersecurity incidents,” wrote Ranking Member Scott and Congressman Hill.

The letter requests a briefing from the Treasury Department by no later than January 10, 2025, that covers, at a minimum, the following:

  • The specific details of the cybersecurity incident, including when and how it occurred and which China-sponsored APT actor is responsible;
  • The type and extent of information accessed by the CCP-aligned actor;
  • The extent to which Treasury was aware, prior to the cybersecurity incident, of cybersecurity vulnerabilities related to the software services that BeyondTrust—or any other third-party software service provider—provides to Treasury; and
  • The steps Treasury has taken, and plans to take, to ensure that a similar cybersecurity incident does not occur again.

To read the full letter, click here.

###