The US Treasury Department has disclosed a significant cybersecurity breach, revealing that hackers, allegedly linked to the Chinese government, gained access to its systems earlier this month. Officials described the incident as a "major cybersecurity incident" after sending a notification letter to lawmakers. The breach allowed access to employee workstations and some unclassified documents, raising concerns about national security.
The Treasury's statement indicated that the hackers exploited a vulnerability through a third-party service provider, BeyondTrust, which offers remote technical support. The company detected suspicious activity starting on December 2 but took three days to confirm that a hack was in progress. The compromised service has since been taken offline.
In the letter to lawmakers, Treasury officials noted that initial investigations attribute the breach to a "China-based Advanced Persistent Threat (APT) actor." Attribution to an APT is significant because it signals a targeted, deliberate intrusion rather than opportunistic hacking, which categorizes the event as a major incident under Treasury policy.
In response to the breach, Treasury is collaborating with the Cybersecurity and Infrastructure Security Agency (CISA) and third-party forensic teams to assess the full impact. While there are no indications that further access to Treasury information has occurred, concerns remain about the hackers' potential to modify accounts or passwords during the initial surveillance period.
China has vociferously denied any involvement in the breach, describing the accusations as "baseless" and an unfounded smear. The foreign ministry spokesperson reiterated that China opposes all hacking activities, branding the US claims as politically motivated disinformation. In the past year, two suspected hacking groups from China have been linked to espionage and disruption attempts against critical infrastructure and the telecom sector.
FBI investigations are ongoing, focusing in particular on groups such as Volt Typhoon, which has been linked to critical infrastructure breaches for possible disruptive actions, and Salt Typhoon, which has been tied to espionage activities. As the situation unfolds, the Treasury is expected to provide lawmakers with a supplemental report on the incident within 30 days.