WASHINGTON — According to an announcement from the U.S. Treasury Department, a breach involving Chinese hackers allowed unauthorized remote access to several workstations and unclassified documents. The intrusion occurred after a third-party software service provider was compromised; the extent of the access and the specific documents obtained remain undisclosed. In correspondence with lawmakers, the agency said that “at this time there is no evidence indicating the threat actor has continued access to Treasury information.” The intrusion has been characterized as a “major cybersecurity incident,” prompting further investigation.
A spokesperson for the Treasury emphasized the agency’s commitment to addressing cybersecurity threats seriously. “Treasury takes very seriously all threats against our systems, and the data it holds,” the spokesperson remarked. Over the past four years, the department has made significant enhancements to its cyber defense mechanisms. The official also mentioned ongoing collaboration with both private and public sector partners to safeguard the financial system against such threats.
In response to the allegations, a spokesperson from China’s Foreign Ministry reiterated the country’s consistent denial of involvement in hacking. At a regular press briefing, Mao Ning stated, “We have repeatedly stated our position on such groundless accusations that lack evidence. China consistently opposes all forms of hacking, and we are even more opposed to the dissemination of false information against China for political purposes.”
This event unfolds amid ongoing concerns in the U.S. regarding the extensive Chinese cyberespionage effort known as Salt Typhoon, which has reportedly provided Chinese officials access to private communications of numerous Americans. According to a recent update from a senior White House official, the number of telecommunications companies affected by this ongoing hack has risen to nine.
The Treasury Department first became aware of the breach on December 8 when BeyondTrust, a third-party software provider, signaled that hackers had stolen a critical key intended to secure a cloud-based service used to provide remote technical support to employees. This compromised key allowed hackers to bypass the service’s security measures, granting them access to various employee workstations.
The compromised service has since been deactivated, and Treasury officials stated that they found no evidence suggesting that the hackers still possess access to the department’s information. Aditi Hardikar, an assistant secretary at the Treasury, noted in a letter on Monday addressed to the leaders of the Senate Banking Committee that the department is coordinating efforts with the FBI and the Cybersecurity and Infrastructure Security Agency, among others, to assess the extent of the incident. Investigations have pointed to state-sponsored actors from China as the culprits, although further specifics were not provided.