Justice Department confirms breach as part of SolarWinds hack, says emails were accessed

The Justice Department on Wednesday confirmed that it was breached as part of the recently discovered Russian hack of IT company SolarWinds, with around 3 percent of agency employee emails accessed by the hackers.

“On Dec. 24, 2020, the Department of Justice’s Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors, among others,” Justice Department spokesperson Marc Raimondi said in a statement. “This activity involved access to the Department’s Microsoft O365 email environment. “

Raimondi noted that the OCIO was able to identify how the hackers had accessed agency emails, and “around 3 percent” of emails were “potentially accessed.” He emphasized that “we have no indication that any classified systems were impacted.”

The Justice Department has over 100,000 employees. No details were provided on which specific accounts were impacted. 

The statement marks a confirmation by the Justice Department that it was compromised as part of the SolarWinds hack, which has been ongoing since March but first reported publicly in December by Reuters.

SolarWinds reported last month that it believes around 18,000 of its customers were impacted by Russian hackers infiltrating software updates from the company to access customer networks. 

Many federal agencies along with the majority of U.S. Fortune 500 companies are counted among SolarWinds customers, with the Department of Homeland Security, the Treasury Department, the Department of Defense, and Energy Department previously confirming they were impacted. Microsoft said last week that it had also been compromised, with hackers viewing but not changing its code. 

Top Treasury Department officials had their emails compromised as part of the hack beginning in July according to CNN, with other consequences of the hack still coming to light. 

“As part of the ongoing technical analysis, the department has determined that the activity constitutes a major incident under the Federal Information Security Modernization Act, and is taking the steps consistent with that determination,” Raimondi said Wednesday. “The department will continue to notify the appropriate federal agencies, Congress, and the public as warranted.”

The statement by the Justice Department was put out a day after the FBI, the Office of the Director of National Intelligence, and the National Security Agency put out an official statement assessing that the hackers behind the SolarWinds attack were “likely Russian in origin,” 

The agencies assessed that “fewer than ten” U.S. federal agencies had been “compromised by follow-on activities in their systems.”

Members of Congress on both sides of the aisle have called for strong action to be taken to address the incident, which President-elect Joe Biden described as a “grave threat to our national security” in a speech last month. 

The statement from the agencies was put out on behalf of President Trump, who otherwise has only addressed the hacking incident in one tweet last month in which he questioned whether China was behind the hack instead of Russia. Both governments have denied involvement.