Hackers broke into systems used by top US Treasury officials during a massive cyberattack on government agencies and may have stolen essential encryption keys, a senior lawmaker said Monday.
Senator Ron Wyden, who sits on both the Senate Intelligence and Finance Committees, said after a closed-door briefing that the hack at the US Treasury Department “appears to be significant.”
Dozens of email accounts were compromised, he said in a statement.
“Additionally the hackers broke into systems in the Departmental Offices division of Treasury, home to the department’s highest-ranking officials,” said Wyden.
“Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen.”
The US government admitted last week that computer systems in multiple departments were penetrated by attackers who hacked in through widely used security software made by the US company SolarWinds.
Members of Congress briefed by US intelligence, as well as Secretary of State Mike Pompeo and Attorney General Bill Barr, have all said Russians were behind the hack.
So far officials have said the hackers broke into computers at the State Department, Commerce Department, Treasury, Homeland Security Department, and the National Institutes of Health.
But experts have said they fear far more of the government could be affected, including US intelligence bodies, given the ubiquitousness of the SolarWinds security software.
Wyden said that the Internal Revenue Service had said there was no evidence that they had been compromised or data on taxpayers taken.
But he sharply criticized the government for not taking stronger measures to protect its systems.
The government “has now suffered a breach that seems to involve skilled hackers stealing encryption keys from (government) servers,” he said.
That has happened despite “years of government officials advocating for encryption backdoors, and ignoring warnings from cybersecurity experts who said that encryption keys become irresistible targets for hackers.”