Hack of US Treasury Department and its consequences for people in the EU.

Question for written answer  E-006980/2020
to the Commission
Rule 138
Sophia in 't Veld (Renew)

On 13 December 2020, it was reported that hackers backed by the Russian Government broke into the networks of the US Treasury Department as part of a months-long global cyberespionage campaign[1].

The US Treasury Department collects and processes financial messaging data stored in the EU for the purpose of preventing, investigating, detecting or making prosecutions for terrorism or terrorist financing, under the EU-US Terrorist Finance Tracking Programme (TFTP).

• 1.Is the Commission aware of this hack, will it immediately ask the US authorities whether the hackers had access to these TFTP data, and will it comment publicly on this information?
• 2.If such hacks continue, the EU-US TFTP agreement could indirectly lead to the potential exposure of millions of people to a real risk of hacking. How will the Commission address this in the next joint review of the agreement, which is scheduled for ‘the beginning of 2021’[2]? When exactly will this review take place?
• 3.The US Treasury Department also oversees the Internal Revenue Service (IRS), the bureau to which personal data of EU citizens are transferred for the purposes of FATCA. When will the Commission finally take action and protect EU citizens against breaches of EU law by the intergovernmental agreements between the Member States and the US for the purposes of implementing FATCA?

• [1] https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html
• [2] https://ec.europa.eu/home-affairs/sites/homeaffairs/files/what-we-do/policies/european-agenda-security/20190722_com-2019-342-commission-report_en.pdf