Sen. Ron Wyden of Oregon, the top Democrat on the Senate Finance Committee, said in a statement that the committee had been briefed on the hack by Treasury and IRS officials and it “appears to be significant.”
“According to Treasury staff, the agency suffered a serious breach, beginning in July, the full depth of which isn’t known. Microsoft notified the agency that dozens of email accounts were compromised. Additionally the hackers broke into systems in the Departmental Offices division of Treasury, home to the department’s highest-ranking officials,” Wyden said.
“Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen.”
Wyden did not mention whether Treasury Secretary Steven Mnuchin was impacted by the hack, but noted that IRS officials had relayed that there is no evidence their agency was compromised.
The Treasury Department did not respond to CNN’s request for comment.
While the exact scope and scale of the hack remain to be seen, it is already becoming clear that this marks one of the most significant breaches of the US government in years. It also shows that Russia and other foreign actors continue to exploit US cyber vulnerabilities — an issue that will likely present a challenge for the incoming Biden administration.
The software that the suspected Russian malware was delivered with, SolarWinds Orion, has as many as 18,000 global customers, including government agencies, private companies and other organizations.
Instead of condemning the attack, or Russia, he wrote that he had been “fully briefed and everything is well under control” — despite officials in his administration having said last week that the cyberattack “poses a grave risk” to networks across both the public and private sectors.