The US Treasury Department announced in a letter in December that it had been hacked, attributing the intrusion to an “Advanced Persistent Threat actor sponsored by the Chinese state.” Now we know more about the extent of the hack.
The hacking group got into more than 400 laptops and desktop computers, many of them focused on “sanctions, international affairs and intelligence.” They also accessed employee usernames and passwords, in addition to more than 3,000 files on unclassified personal computers. These documents include travel data, organizational charts, authorization materials and foreign investment metrics.
An agency report indicated that the perpetrators likely stole much of this data, but did not break into Treasury’s classified or email systems. The intruders also accessed materials about investigations run by the Committee on Foreign Investment in the United States, which examines the national security implications of foreign investments and real estate purchases in the US.
The agency’s report also said there was no evidence that the hackers tried to establish persistence inside Treasury systems for long-term intelligence gathering, and that they did not leave behind any malware.
Investigators attributed the intrusion to a notorious Chinese state-sponsored hacking group tracked as Silk Typhoon, Hafnium or UNC5221. The report suggests the group carried out the intrusion outside of normal working hours to avoid detection. Last month, a spokesman for the Chinese Foreign Ministry disputed the accusation that the attack was state-sponsored.
Counterintelligence officials are still in the midst of a “comprehensive damage assessment” but Treasury employees are scheduled to brief the Senate Committee on Banking, Housing and Urban Affairs later this week.