Treasury Email Accounts Compromised in Hack, Sen. Wyden Says

December 21, 2020 Updated: December 21, 2020

The email accounts of the highest-ranking Treasury Department officials were compromised in a massive breach of U.S. government systems, according to Sen. Ron Wyden (D-Ore.).

Wyden made the remarks on Monday after being a briefing on the hack to the Senate Finance Committee by the Internal Revenue Service and the Treasury Department.

Wyden said the hack “appears to be significant” and appears to have involved the theft of encryption keys.

“Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen,” Wyden said in a statement.

Epoch Times Photo
Senator Ron Wyden (D-Ore.). (Gary Feuerberg/ The Epoch Times)

A Treasury Department spokeswoman declined to comment on Wyden’s statement.

Secretary Steven Mnuchin said in a CNBC interview on Monday that the hack impacted the Treasury’s unclassified systems, but the department has not seen any damage.

“We do not see any breaking into our classified systems. Our unclassified systems did have some access,” Mnuchin said about the massive hack. “I will say that the good news is there has been no damage, nor have we seen any large amounts of information displaced.”

Hackers who exploited an update to the ubiquitous SolarWinds Orion network management software accessed several U.S. government agencies, including the departments of Defense, State, Homeland Security, Energy, Treasury, and Commerce.

According to SolarWinds, as many as 18,000 customers who used the Orion software ended up installing a malicious update.The malware gave hackers remote access into an organization’s networks so they could steal information. The hack was first reported by cybersecurity firm FireEye, itself a SolarWinds customer.

Believed to be the biggest hack ever uncovered, the breach has prompted the U.S. government to assemble a multi-department task force to respond to the threat.

SolarWinds Corp banner hangs at the New York Stock Exchange on the IPO day of the company in New York, on Oct. 19, 2018. (Brendan McDermid/Reuters)

Treasury was among the earliest known agencies reported to have been affected in the breach. The effects and consequences of the hack are still being assessed, though the Department of Homeland Security’s cybersecurity arm said in a statement that the intrusion posed a “grave” risk to government and private networks.

Wyden said the breach at Treasury began in July.

The Cybersecurity and Infrastructure Security Agency (CISA) said Thursday that the hacking campaign that targeted the federal government is larger than what was previously known.

The hackers gained backdoor access in more ways than through the SolarWinds software.

“CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” CISA said in a statement.

Microsoft said Thursday that it found the malicious software in its system. The company said around 30 of the affected customers were in the United States.

“It’s certain that the number and location of victims will keep growing,” Microsoft President Brad Smith said in a blog post.

Jack Phillips contributed to this report.

Follow Ivan on Twitter: @ivanpentchoukov