A Chinese state-sponsored actor was responsible for a “major incident” that compromised U.S. Treasury Department workstations and classified documents, according to a letter the agency sent congressional lawmakers on Monday.

In a missive to the Senate Banking Committee, the department said it was notified on December 8 by BeyondTrust, a third-party software provider, that a foreign actor had obtained a security key that allowed the perpetrator to remotely gain access to employee workstations and the classified documents stored on them.

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” according to the letter from Aditi Hardikar, assistant Treasury secretary for management.

It did not specify the number of impacted workstations or the kind of documents caught in the hack. It also did not say when the initial breach occurred.

The compromised service “has been taken offline and at this time there is no evidence indicating the threat actor has continued access to Treasury information,” it adds.

The notification comes as Washington remains on edge over the recent disclosures that Chinese-linked hackers known as Volt Typhoon and Salt Typhoon have burrowed into U.S. critical infrastructure and penetrated the networks of at least nine telecommunication companies, respectively.

In response, the Biden administration and Capitol Hill lawmakers are readying a series of policy moves, including a vote next month by the Federal Communications Commission that may set minimum cybersecurity standards for telecom firms.

Treasury said it is working with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to resolve the intrusion.