The Treasury Department was hacked as part of the large-scale Russian campaign that still has the federal government reeling, Treasury Secretary Steven Mnuchin said Monday.
Speaking to CNBC, Mnuchin said that “our unclassified systems did have some access” from hackers.
“At this point, we do not see any break in into our classified systems,” he said.
“There’s been no damage, nor have we seen any large amounts of information displaced,” he later added.
Treasury is now at least the third federal agency, along with the Departments of Commerce and Energy, to admit it was hacked as part of a wide-reaching espionage campaign widely believed to be the work of Russian intelligence.
Sen. Ron Wyden, D-Ore., expressed concern that the hackers could have gained access Americans’ tax return information.
“Even without accessing classified systems, there is a host of sensitive data at the Treasury department, especially if hackers breached the IRS,” Wyden said in an email.
“That would amount to a goldmine for foreign adversaries looking to spy on or blackmail government officials,” said Wyden, who added that he expected to be briefed on the specifics of the hack soon.
Government officials have widely tied the hacks to Russia’s SVR intelligence agency since news of it broke this month. On Friday, Secretary of State Mike Pompeo said it was “pretty clearly” that Russians were behind the attack, and Attorney General Bill Barr told reporters it “certainly appears to be” Russia’s work.
Only President Donald Trump has cast doubt on that connection, tweeting on Saturday that the media is “petrified of discussing the possibility that it may be China (it may!)” and inexplicably tying the hack to conspiracy theories to explain how he lost the election.
More agencies have been reported to be investigating whether they were also affected, reflecting the potential scope of the campaign.
The hackers began by compromising a third-party information technology company in Austin, Texas, called SolarWinds in March, affecting an untold number of its tens of thousands of customers.
That gave Russia a wide range of potential targets. Microsoft alone said last week that it had contacted more than 40 organizations that had been compromised in the campaign.