Dec 21, 2020 - Politics & Policy

Sen. Wyden: Dozens of Treasury email accounts breached in SolarWinds hack

Photo of the exterior of the Treasury building, where its seal is attached to the wall

Photo: Alastair Pike/AFP via Getty

Hackers who infiltrated government networks in the SolarWinds cyberattack compromised "dozens of email accounts" in the Treasury, Senate Finance Committee Ranking Member Ron Wyden (D-Ore.) said Monday.

Why it matters: The monthslong cyberattack impacted a range of companies and government agencies and has prompted outrage in Washington D.C. as officials try to get to the bottom of what happened. The Treasury has not yet been able to ascertain what information, if any, was stolen, per Wyden.

The big picture: The breach that began in July "appears to be significant," Wyden said in an emailed statement. Perpetrators broke into systems in the Departmental Offices division of Treasury, which comprises the department’s highest-ranking officials, according to Wyden.

  • There is no evidence the hack impacted the IRS or taxpayer data, but the “full depth” of the attack is not known.
  • "Finally, after years of government officials advocating for encryption backdoors, and ignoring warnings from cybersecurity experts who said that that encryption keys become irresistible targets for hackers, the USG has now suffered a breach that seems to involve skilled hackers stealing encryption keys from USG servers," Wyden said.

Of note: Treasury Secretary Steven Mnuchin told CNBC, "The good news is there's been no damage, nor have we seen any large amounts of information displaced."

  • The Treasury is working with the National Security Council and Intel agencies to address the breach, Mnuchin said.
  • The Treasury did not immediately respond to Axios' request for comment.
Go deeper