The US Treasury Department. Credit: Sealy j. via Wikimedia Commons. CC BY-SA 4.0. On December 13, the US National Security Council acknowledged that there had been a major data breach of government entities, including the National Telecommunications and Information Administration (part of the Commerce Department) and the Treasury Department. In an analysis, the cybersecurity company FireEye said the breach was probably a “supply chain” attack involving a third-party vendor SolarWinds and that it likely began last spring. Days after the council’s report, then Secretary of State Mike Pompeo pointed the finger at Russia for perpetrating the attack. The SolarWinds hack is problematic. Troves of data are now in Russian hands, including Microsoft’s source code. That information is not coming back, nor is there an easy fix for patching up the government’s systems. The SolarWinds attack, however, was not the first on US government systems. Another major publicly acknowledged attack occurred as recently as 2015, when hackers broke into the Office of Personnel Management and stole some 20 million personnel records. In addition to attacking government networks, the hackers behind the SolarWinds breach also stole sophisticated private-sector penetration testing tools from FireEye, a cyber-security firm, and other intellectual property. Attackers have also done something like this before. In 2017, hackers leaked sophisticated hacking methods and tools from the US National Security Agency.