US Treasury Department Suffers Major Cyber Breach Attributed to Chinese Hackers

Fri Apr 17 2026 17:16:32 GMT+0000 (Coordinated Universal Time)

A significant security incident has unfolded at the US Treasury, where a China-based hacker accessed employee systems and unclassified documents.

The U.S. Treasury Department reported a cyber breach by a Chinese state-sponsored actor that compromised employee workstations and unclassified documents. The incident, characterized as a “major incident,” was discovered in early December and involved a security lapse related to third-party service BeyondTrust. The department is collaborating with the FBI and other agencies to assess the breach's implications and fortify its cyber defenses.

In a troubling revelation, the U.S. Treasury Department has confirmed that it was the target of a cyberattack attributed to hackers sponsored by the Chinese government. The breach, which occurred in early December, allowed unauthorized access to employee workstations and some unclassified documents, as detailed in a letter sent to lawmakers.

According to the Treasury’s statement, the incident involved the exploitation of a secured access point linked to a third-party service provider, BeyondTrust, known for offering remote technical support. Treasury officials characterized the breach as a “major incident,” indicating the gravity of the security failure.

To investigate the full extent and consequences of the breach, the U.S. Treasury has enlisted the assistance of the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and external forensic investigators. The compromised platform, BeyondTrust, has been taken offline in response to the security threat.

While the department has not disclosed the specific content of the accessed unclassified documents, officials confirmed that no further unauthorized access has occurred since the initial breach was detected. This incident highlights ongoing concerns regarding cybersecurity and foreign espionage, particularly from China, which has faced accusations of cyber activities undermining U.S. security.

U.S. Treasury officials reiterated their commitment to safeguarding sensitive data, asserting that responses to all threats are taken seriously and that they will continue efforts to bolster their cybersecurity measures. As this situation develops, updates will be provided to ensure transparency and awareness of the breach's ramifications.