Sen. Ron Wyden (D-Ore.) said on Monday that a cyberattack at the Department of Treasury reported by media outlets last week “appears to be significant.”
Wyden, the ranking member of the Senate Finance Committee, released the statement after the committee’s staff was briefed by the Treasury Department and the IRS about the hack of the IT company SolarWinds.
The Oregon senator said the IRS reported “no evidence that IRS was compromised or taxpayer data was affected,” but he added, “The hack of the Treasury Department appears to be significant.”
“According to Treasury staff, the agency suffered a serious breach, beginning in July, the full depth of which isn’t known,” Wyden said. “Microsoft notified the agency that dozens of email accounts were compromised.”
“Additionally the hackers broke into systems in the Departmental Offices division of Treasury, home to the department’s highest-ranking officials,” he added. “Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen.”
Wyden then slammed government officials who have been “advocating for encryption backdoors, and ignoring warnings from cybersecurity experts who said that encryption keys become irresistible targets for hackers.”
The Oregon Democrat’s statement follows reports from media outlets that several federal agencies were hacked this year through the cyberattack on SolarWinds. According to The Washington Post, the cyberattack was conducted by a Russian military intelligence group called “Cozy Bear.”
Last week, the Cybersecurity and Infrastructure Security Agency gave an emergency order for federal departments to stop using SolarWinds products.
Wyden and Senate Finance Committee Chairman Chuck Grassley (R-Iowa) requested the IRS brief the committee on whether sensitive taxpayer information was suspected to have been leaked in the hack.
Wyden also partnered with Senate Banking Committee ranking member Sherrod Brown (D-Ohio) to call on Treasury Secretary Steven Mnuchin to provide more information on the breach of the department.
Mnuchin told CNBC on Monday that the cyberattack involved “unclassified systems,” saying, “we do not see any break in into our classified systems.”
“Our unclassified systems did have some access,” he said. “I will say the good news is there’s been no damage, nor have we seen any large amounts of information displaced.”
“This is something that … will be continued to be focused on, but we are – we are working with the National Security Council, we’re working with the Intel agencies and, and I can assure you, we are completely on top of this.”
Updated 10:48 a.m.