China hacks U.S. Treasury Department in major security breach

In December 2024, the U.S. Treasury Department disclosed that it had suffered a significant cyber breach orchestrated by state-sponsored Chinese hackers. The hackers gained access to employee workstations and unclassified documents by exploiting a vulnerability in a third-party service provider, BeyondTrust. The breach was first detected on December 8, 2024, when BeyondTrust notified Treasury about unauthorized access following the theft of a security key that allowed the hackers to override essential security measures. This alarming incident highlights the persistent cyber threats posed by state-backed actors. The Treasury Department has since collaborated with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to investigate the intrusion and its implications. Initial assessments indicate that the hackers were able to view certain unclassified documents, although specific details remain undisclosed. As the investigation unfolds, the Treasury plans to provide a supplemental report to Congress within 30 days to offer further insights into the extent and impact of the breach. This breach is characterized as a “major cybersecurity incident” under Treasury policy, prompting a serious response and reassessment of the department's cybersecurity measures. China has categorically denied these accusations, calling them