Chinese state-sponsored hackers broke into US Treasury Department systems earlier this month and were able to access employee workstations and some unclassified documents, US officials said.
The Treasury Department deemed the breach a “major incident” after it disclosed it through a letter notifying lawmakers of the incident.
The US agency said it was working with the FBI and other agencies to investigate the impact of the hack.
China has denied any involvement, calling the accusations “baseless” and saying it “consistently opposes all forms of hacking”.
It is the latest in a series of high-profile and embarrassing security breaches in the US that have been blamed on China.
The hacking of telecommunications companies in December potentially accessed data on the telephone conversations of large parts of American society.
The Treasury Department said in its letter to lawmakers that this latest attack involved actors based in China who bypassed security through a key used by a third-party service provider. The application offers remote technical support to its employees.
The compromised third-party service — called BeyondTrust — has since been shut down, officials said. There was no evidence to suggest that the hacker had continued to access Treasury information since then, the statement continued.
The department said it worked with the Cybersecurity and Infrastructure Security Agency and third-party forensic investigators to determine the overall impact.
Officials said initial investigations suggested the hack was carried out by a “Chinese Advanced Persistent Threat (APT) actor.”
“In accordance with Treasury Department policy, intrusions attributable to APT are considered a major cybersecurity incident,” Treasury officials said.
The department monitors global financial systems and economies, and in recent years has imposed US sanctions against China.
He said BeyondTrust notified him of the hack on December 8, a spokesperson told the BBC. According to the company, the suspicious activity was first noticed on December 2, but it took three days for the company to determine that it had been hacked.
The spokesman said the hackers were able to remotely access several Treasury Department user workstations and some unclassified documents stored by those users.
The department did not specify the nature of these files, nor when and how long the hacking took place. They also did not specify the level of confidentiality of the computer systems or the seniority of the personnel whose materials were accessed.
Hackers may have been able to create accounts or change passwords in the three days BeyondTrust observed.
As espionage agents, the hackers are believed to have sought information rather than trying to steal funds.
The ministry’s letter states that an additional report on the incident will be submitted to MPs in 30 days.
Chinese Foreign Ministry spokeswoman Mao Ning denied the US claims, telling a news briefing that they were “baseless accusations without evidence”.
“China consistently opposes all forms of hacking and firmly rejects the spread of false information targeting China for political purposes.”
Two separate groups of suspected Chinese government hackers were identified last year.
The Volt Typhoon is accused of breaking into critical infrastructure organizations for possible jamming attacks, and the Salt Typhoon is accused of carrying out espionage missions.
China routinely denies involvement, and a spokesman for the Chinese embassy in Washington DC told BBC News that the latest accusation was part of a smear attack without any basis in fact.
“The US should stop using cybersecurity to slander and defame China and stop spreading all kinds of misinformation about the so-called Chinese hacker threats,” said embassy spokesman Liu Pengyu.
The US has not provided any evidence that China is responsible for the hack.
