JOHNS CREEK, Ga. — The U.S. Department of Treasury was breached by someone officials say was sponsored by China in December.
Now, a metro Atlanta company has confirmed to Channel 2 Action News that its software was breached, leading to the data access.
A spokesperson for the U.S. Treasury told ABC News that the “major” breach happened when a third-party cybersecurity service used by the agency was accessed.
That service was Johns Creek-based BeyondTrust’s Remote Support service. While the hack was discovered on Dec. 8, according to officials, Treasury staff did not inform members of U.S. Congress until a letter sent to the Senate Banking Committee on Friday, Dec. 27, 2024.
[DOWNLOAD: Free WSB-TV News app for alerts as news breaks]
The Treasury told ABC News they are no longer using the company’s service after the incident. ABC News reported China-sponsored threat actor was able to “override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” according to the letter given to members of Congress.
“The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” a Treasury Department spokesperson told ABC News.
The Treasury told the Associated Press on Monday that during the breach, Department workstations and unclassified documents were access after the third-party software was compromised.
“Treasury takes very seriously all threats against our systems, and the data it holds,” a department spokesperson said in a separate statement to the Associated Press. “Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors.”
TRENDING STORIES:
- Sugar Bowl between Georgia, Notre Dame postponed after deadly New Orleans attack
- Atlanta Christian radio station ‘The Fish’ to go off the air at start of February
- NEW GEORGIA LAWS: What new laws are taking effect as the New Year starts?
Responding to questions from the Associated Press, a Foreign Ministry spokesperson in Beijing gave what the Associated Press said was the ministry’s standard answer.
“We have repeatedly stated our position on such groundless accusations that lack evidence,” Mao Ning said at a daily briefing, the press organization reported. “China consistently opposes all forms of hacking, and we are even more opposed to the dissemination of false information against China for political purposes.”
Addressing the data breach, a spokesperson from BeyondTrust told Channel 2 Action News that they’d taken measures to address the security incident in early December.
In a statement, the company said that “BeyondTrust notified the limited number of customers who were involved, and it has been working to support those customers since then. No other BeyondTrust products were involved. Law enforcement was notified and BeyondTrust has been supporting the investigative efforts. BeyondTrust posted information regarding the incident and the on-going investigation on its website on December 8, 2024, including a summary, timeline, and indicators. The security advisory has been updated since then as part of BeyondTrust’s commitment to updating customers through the completion of this matter.”
Upon further questioning by Channel 2 Action News, the company confirmed the U.S. Treasury Department was among those in the limited number of customers impacted by the breach.
The Treasury Department told the Associated Press that the compromised service had been taken offline and other was no evidence that hackers still have access to department information, which they said was also in the letter given to the U.S. Senate.
While it did not elaborate, the U.S. Treasury said they were working with the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and others to continue their investigation into the hack and its impacts.
U.S. Sen. Rev. Raphael Warnock of Georgia is a member of the Senate Banking Committee. Channel 2 Action News has reached out to his office, as well as the U.S. Treasury, for a copy of the letter and more information on the data breach. We are waiting for their responses.
The Associated Press and ABC News contributed to this report.
[SIGN UP: WSB-TV Daily Headlines Newsletter]
©2025 Cox Media Group
