Hackers from China breached the systems of the Ministry of Finance USAgaining access to employee work data and some unclassified documents, US officials said, according to the BBC.

The breach allegedly took place in early December and was made public in a letter drafted by the Ministry of Internal Affairs to MPs informing them of the incident.

The US agency described the breach as a “significant incident” and said it was working with the FBI and other agencies to investigate the fallout.

A spokesman for the Chinese embassy in Washington told the BBC that the accusation was part of a “smear attack” and had “no basis in fact”.

The US Ministry of Internal Affairs stated in its letter that the perpetrator based in China managed to bypass security through a “key” used by a third-party service provider that offers remote technical support to its employees.

The service — called BeyondTrust — has since been shut down, officials said. They added that there is no evidence to suggest that the hacker has since continued to access Treasury information.

Along with the FBI, the department is working with the Cybersecurity and Infrastructure Security Agency and other agencies to determine the overall impact of the breach.

Based on evidence so far, officials said the hack appears to have been carried out by “an advanced persistent threat actor (APT) based in China.”

“In accordance with Treasury Department policy, intrusions attributed to APTs are considered a major cybersecurity incident,” Treasury officials said in their letter.

The ministry was made aware of the incident on December 8 by BeyondTrust, a spokesperson told the BBC. According to the company, the suspicious activity was first detected on December 2, but it took three days for the company to determine that it had been compromised.

The spokesman added that the hacker was able to gain remote access to some unclassified documents.

It did not specify the nature of the compromised documents or when and for how long the hack took place. Also, the level of confidentiality of the electronic systems was not specified. For example, access to 100 low-level employees would probably be less valuable than access to only 10 computers to a higher-level employee.

Hackers may have been able to create accounts or change passwords during the three days BeyondTrust monitored.

As espionage agents, the hackers were believed to be after information rather than funds.

The spokesman said the Treasury “takes all threats to our systems and the data it holds very seriously” and will continue to work to protect its data from external threats.

The ministry’s letter states that a supplementary report on the incident will be submitted to parliamentarians in 30 days.

Chinese embassy spokesman Liu Pengyu denied the ministry’s report, saying it may be difficult to trace the origin of the hackers.

“We hope that the relevant parties will have a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence and not on baseless speculation and accusations,” he said.

“The US must stop using cyber security to slander China and stop spreading any kind of misinformation about so-called Chinese hacking threats,” he added.

It is the latest high-profile US breach attributed to Chinese espionage hackers after another hack at telecommunications companies in December, in which phone records data may have been breached.