Daniel Kritenbrink, the assistant secretary of state for EastAsia, was also hacked in the wider spying operation disclosed earlier this month by Microsoft, the report said, citing people familiar with the matter.
Asked about the reported breach of the two diplomats' accounts, the State Department declined to give any details and said its investigation of the spying operation was ongoing.
Before the WSJ report appeared, Kritenbrink was asked at a congressional hearing on U.S. China policy whether he could rule out that his or his staff's emails were targeted in the Microsoft hack.
"I can't comment on an investigation that's underway being conducted by the FBI, but no, I will not rule it out," Kritenbrink said.
Burns and Kritenbrink join U.S. Commerce Secretary Gina Raimondo as the only publicly named victims of the espionage campaign, which prompted a warning by Washington's top diplomat to his Chinese counterpart.
China's embassy in Washington did not immediately respond to a request for comment on the report, but the Chinese Ministry of Foreign Affairs previously called the earlier accusations "disinformation."
Microsoft said last week that Chinese hackers misappropriated one of its digital keys and used a flaw in its code to steal emails from U.S. government agencies and other clients.
The company did not immediately return a message seeking comment on the WSJ report.
The breach has thrown Microsoft's security practices under scrutiny, with officials and lawmakers calling on the Redmond, Washington-based company to make its top level of digital auditing, also called logging, available to all its customers free of charge.
Microsoft said in a statement late on Thursday that it was taking the criticism on board.
Last week, White House National Security Council spokesperson Adam Hodge said an intrusion in Microsoft's cloud security "affected unclassified systems," without elaborating.
"Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service," Hodge added.
The State Department "detected anomalous activity" and "took immediate steps to secure our systems," a department spokesperson said in a statement at the time.