U.S. Department of the Treasury

U.S. Department of the Treasury Vendor Cyber Rating & Cyber Score

treasury.gov

The Treasury Department is the executive agency responsible for promoting economic prosperity and ensuring the financial security of the United States. The Department is responsible for a wide range of activities such as advising the President on economic and financial issues, encouraging sustainable economic growth, and fostering improved governance in financial institutions. The Department of the Treasury operates and maintains systems that are critical to the nation's financial infrastructure, such as the production of coin and currency, the disbursement of payments to the American public, revenue collection, and the borrowing of funds necessary to run the federal government. The Department works with other federal agencies, foreign


UDT A.I CyberSecurity Scoring

Company Information
Website: https://home.treasury.gov/
Employees number: 14,483
Number of followers: 155,402
NAICS: 92
Industry Type: Government Administration
Homepage: treasury.gov

UDT Risk Score (AI oriented)
Between 550 and 599
UDT, Government Administration
Updated: 02/04/2026
591/1000
Very Poor
Ca
Powered by our proprietary A.I cyber incident model

UDT: Very Poor
Current Score: 591, Ca (VERY POOR)
Scale: 0 to 1000
6 incidents
-19 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026: 602 (Before Incident)
JUNE 2026: 602 (Before Incident)
MAY 2026: 595 (Before Incident)
APRIL 2026: 591 (Before Incident)
MARCH 2026: 589 (Before Incident)
FEBRUARY 2026: 587 (Before Incident)
JANUARY 2026: 583 (Before Incident)
DECEMBER 2025: 579 (Before Incident)
NOVEMBER 2025: 575 (Before Incident)
OCTOBER 2025: 571 (Before Incident)
SEPTEMBER 2025: 566 (Before Incident)
AUGUST 2025: 580 (Before Incident)

Cyber Attack
22 Aug 2025, UDT
U.S. Treasury's Office of Foreign Assets Control (OFAC)

Murky Panda (Silk Typhoon) Exploits Trusted Cloud Relationships for Cyberespionage

561 (After Incident)
CRITICAL (-19)
US-526082425
The Chinese state-sponsored hacking group Murky Panda (Silk Typhoon) exploited trusted cloud relationships and zero-day vulnerabilities to breach the U.S. Treasury’s Office of Foreign Assets Control (OFAC). By compromising a SaaS provider’s cloud environment, the attackers gained access to application registration secrets in Entra ID (formerly Azure AD), allowing them to authenticate as a legitimate service and infiltrate downstream networks. This enabled them to read sensitive emails, steal confidential government data, and maintain persistent access through backdoor accounts with escalated privileges.

The attack leveraged supply chain vulnerabilities, abusing delegated administrative privileges (DAP) granted to cloud providers, which allowed Murky Panda to move laterally across multiple tenants. Their use of custom malware (CloudedHope RAT), web shells (Neo-reGeorg, China Chopper), and compromised SOHO devices as proxies ensured stealthy, long-term access while evading detection. The breach posed a severe risk to national security, given OFAC’s role in enforcing economic sanctions and combating financial threats. The attackers’ operational security (OPSEC) measures, including log tampering and timestamp manipulation, further obscured forensic traces, amplifying the threat’s sophistication and impact.
INCIDENT DETAILS
TYPE
cyberespionage; supply chain attack; cloud compromise
MOTIVATION
cyberespionage (targeting government, technology, legal, and professional services for sensitive data)
IMPACT
emails; sensitive organizational data; application data; cloud environments (Microsoft Entra ID, SaaS providers); downstream customer networks; compromised SOHO devices (used as proxies); servers with deployed web shells (Neo-reGeorg, China Chopper)
Operational Impact: long-term stealthy access for data exfiltration, persistence via backdoor accounts
Brand Reputation Impact: high risk for targeted organizations (government, legal, professional services)
DATA BREACH
emails; sensitive organizational data; application data
Sensitivity Of Data: high (government, legal, and professional services data)

MARCH 2025: 627 (Before Incident)
Breach
01 Mar 2025, UDT
US Treasury

Breach of US Treasury by Chinese Hackers

556 (After Incident)
CRITICAL (-71)
US-000030825
The breach of the US Treasury by Chinese hackers, including 12 individuals indicted by the Department of Justice, resulted in significant data compromise. Over a three-month period, at least 400 PCs were infiltrated, leading to the theft of more than 3,000 files. This attack highlights the risk posed by autonomous state-sponsored hacking groups that target and steal sensitive information from high-profile international entities, selling it to government clients for strategic advantages.
INCIDENT DETAILS
TYPE
Data Breach
MOTIVATION
Espionage; Strategic Advantage
IMPACT
Data Compromised: More than 3,000 files
Systems Affected: At least 400 PCs
DATA BREACH
Type Of Data Compromised: Sensitive information
Number Of Records Exposed: More than 3,000 files
Sensitivity Of Data: High

JANUARY 2025: 682 (Before Incident)
Breach
01 Jan 2025, UDT
United States Treasury

United States Treasury Breach

621 (After Incident)
CRITICAL (-61)
US-000011025
The United States Treasury suffered a 'major' breach when an Advanced Persistent Threat group, believed to be linked to the Chinese government, exploited flaws in BeyondTrust software. The attackers stole an authentication key, gaining access to department computers and managing to steal 'certain unclassified documents'. Although the stolen documents were unclassified, the breach's full extent and subsequent risks, such as exposure to financial manipulation and international diplomatic consequences, are still under assessment.
INCIDENT DETAILS
TYPE
Data Breach
MOTIVATION
Data Theft
IMPACT
Data Compromised: Unclassified documents
Systems Affected: Department computers
DATA BREACH
Type Of Data Compromised: Unclassified documents
Sensitivity Of Data: Unclassified

DECEMBER 2024: 741 (Before Incident)
Breach
01 Dec 2024, UDT
US Treasury Department

US Treasury Department Breach

680 (After Incident)
CRITICAL (-61)
US-000010125
A breach in early December 2024 at the US Treasury Department involved remote access by hackers to Treasury computers, compromising certain unclassified documents. By exploiting vulnerabilities in remote support software from BeyondTrust, identified as CVE-2024-12356 and CVE-2024-12686, attackers stole an authentication key, enabling system access. Although the breach was attributed to a Chinese state-sponsored APT actor, no ongoing access was found. The incident prompted collaboration with the FBI, CISA, and intelligence agencies for a comprehensive evaluation.
INCIDENT DETAILS
TYPE
Breach
MOTIVATION
Data Theft
IMPACT
Data Compromised: Unclassified documents
Systems Affected: Treasury computers
DATA BREACH
Type Of Data Compromised: Unclassified documents
Sensitivity Of Data: Low

DECEMBER 2022: 734 (Before Incident)
Cyber Attack
01 Dec 2022, UDT
U.S. Department of the Treasury

Hacking Attacks Against US Federal Entities

715 (After Incident)
CRITICAL (-19)
USD13361222
Companies suffered as a result of hacking attacks against US federal entities; affected departments included the US Department of Homeland Security, the Department of Commerce, and the Department of the Treasury. Early this year, according to the FBI and CISA, Iranian government-sponsored hackers gained access to a network of an unnamed US federal agency, using the Log4Shell vulnerability to install crypto miners and using stolen passwords. According to the advisory, "Cyber threat actors advanced to the domain controller (DC), compromised credentials, implanted Ngrok reverse proxies on multiple hosts to maintain persistence, and then exploited the Log4Shell vulnerability in an unpatched VMware Horizon server to install XMRig crypto mining software."
INCIDENT DETAILS
TYPE
Hacking
MOTIVATION
Cryptocurrency mining
IMPACT
Domain controller (DC); Multiple hosts; VMware Horizon server

JANUARY 2018: 784 (Before Incident)
Breach
01 Jan 2018, UDT
Booz Allen Hamilton, Internal Revenue Service and U.S. Department of the Treasury: Feds yank contracts with Booz Allen Hamilton after Trump tax leak

Treasury Cancels Booz Allen Hamilton Contracts After Massive Tax Data Leak

639 (After Incident)
CRITICAL (-145)
BOOIRSUS-1769454012
The U.S. Department of the Treasury announced on Monday the termination of all contracts with consulting firm Booz Allen Hamilton following a major breach involving the leak of sensitive tax information. The decision comes after former IRS contractor Charles Edward Littlejohn, who worked for Booz Allen, was sentenced in 2024 to five years in prison for disclosing confidential tax records, including those of former President Donald Trump, to media outlets.

Between 2018 and 2020, Littlejohn provided stolen tax data to The New York Times and ProPublica, an act prosecutors described as "unparalleled in the IRS's history." The breach exposed records belonging to approximately 406,000 individuals, though the Treasury’s statement did not explicitly mention Trump’s leaked returns.

Treasury Secretary Scott Bessent stated that the cancellation was necessary to "increase Americans' trust in government," citing Booz Allen’s failure to implement adequate safeguards for sensitive taxpayer data. The department had 31 active contracts with the firm, totaling $4.8 million in annual spending and $21 million in total obligations.

Court documents revealed that Littlejohn intentionally sought the contractor role to access Trump’s tax returns, using his technical skills to extract data without detection. At his sentencing in January 2024, he acknowledged his actions, stating, "I used my skills to systematically violate the privacy of thousands of people." Booz Allen Hamilton has not yet commented on the termination.
INCIDENT DETAILS
TYPE
Data Breach
MOTIVATION
Intentional disclosure to media outlets
IMPACT
Financial Loss: $21 million (total contract obligations)
Data Compromised: Sensitive tax records
Systems Affected: IRS tax record systems
Operational Impact: Termination of contracts with Booz Allen Hamilton
Brand Reputation Impact: Loss of trust in government and contractor
Identity Theft Risk: High
DATA BREACH
Type Of Data Compromised: Tax records
Number Of Records Exposed: 406,000
Sensitivity Of Data: High (confidential taxpayer information)
Data Exfiltration: Yes
Personally Identifiable Information: Yes
