SolarWinds Hackers May Have Had Access to All Treasury Emails

Newly surfaced documents from a FOIA lawsuit reveal just how deep the SolarWinds breach went. Hackers potentially had access to every single email address under the treasury.gov domain for roughly three months — from July 6, 2020 to October 12, 2020.

The breach, allegedly carried out by hackers backed by Russia's intelligence services, hit six years ago. But the full scope is only now coming into focus through court filings.

The keyword here is "potentially." The documents indicate the attackers could have reached all Treasury email addresses during that window. That's a massive exposure surface for one of the most sensitive departments in the U.S. government.

The SolarWinds hack remains one of the most significant supply chain compromises in history. These new details add another grim chapter to an already ugly story.