The agency has initiated a review of the compromised emails to assess their content, employing both internal data science experts and independent third parties.

The Office of the Comptroller of the Currency (OCC) has formally notified the US Congress of a ‘major’ cybersecurity breach affecting its email system, in compliance with the Federal Information Security Modernization Act (FISMA). The incident involved unauthorised access to emails and attachments of OCC personnel, following detection of suspicious activity within the agency’s office automation environment.
This comes after Bloomberg reported, citing individuals familiar with the matter, that attackers gained access to an OCC administrative account and monitored employee emails from June 2023 until early 2025. The breach reportedly affected the mailboxes of senior deputy comptrollers, international banking supervisors, and other staff, with more than 150,000 emails accessed.
The OCC, which operates as an independent bureau within the US Department of the Treasury, supervises national banks, federal savings associations, and federal branches of foreign banks. It holds oversight of institutions collectively managing trillions of dollars in assets.
Incident prompts broader security review across OCC
The OCC identified unusual behaviour on 11 February 2025, involving a system administrative account interacting with user mailboxes. The next day, the activity was confirmed to be unauthorised, triggering the OCC’s incident response protocol. This included initiating an independent third-party incident assessment and reporting to the Cybersecurity and Infrastructure Security Agency.
The compromised accounts were disabled on 12 February, and the breach was contained. The OCC publicly disclosed the incident on 26 February. The agency then began a review of the compromised emails to assess their content, employing both internal data science experts and independent third parties.
Based on the data reviewed so far, the OCC determined, together with the Department of the Treasury, that the breach qualifies as a ‘major incident’ under FISMA. The review remains ongoing.
“The confidentiality and integrity of the OCC’s information security systems are paramount to fulfilling its mission,” said Acting Comptroller of the Currency Rodney E. Hood. “I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organisational and structural deficiencies that contributed to this incident. There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorised access.”
The OCC has engaged third-party cybersecurity firms to conduct a forensic investigation and assist in reviewing internal security practices. An additional independent third-party assessment is being planned to evaluate and strengthen the OCC’s cybersecurity protocols.
The incident follows a separate disclosure by the Treasury in December 2024, which reported a cyberattack by suspected Chinese state-sponsored actors. That breach involved access to unclassified documents and systems, including a computer formerly used by ex-Treasury Secretary Janet Yellen. It is not yet confirmed whether the two incidents are connected.