In a letter seen by NBC News, Aditi Hardikar, assistant secretary for management of the U.S. Department of the Treasury, wrote that the office was notified on Dec. 8 of the breach. The letter is addressed to Sen. Sherrod Brown, D-Ohio, and Sen. Tim Scott, R-S.C., the chairman and ranking member, respectively, of the Committee on Banking, Housing and Urban Affairs.

The information accessed by the "threat actor" included unclassified documents, according to the letter.

China denied the U.S. allegations.

"China consistently opposes all forms of hacking and is firmly against the spread of false information targeting China for political purposes," Ministry of Foreign Affairs spokesperson Mao Ning told reporters at a daily briefing.

Hardikar wrote that the U.S. Treasury was told by "a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users."

With this access, the "threat actor" was able to override certain security measures and get into the department's user workstations.

The U.S. Treasury has been working with the Cybersecurity and Infrastructure Security Agency, the FBI and other members of the intelligence community, as well as "third-party forensic investigators to fully characterize the incident and determine its overall impact," the letter reads.