The Business & Technology Network
Helping Business Interpret and Use Technology
Home
Newswire > OCC Notifies Congress of ‘Major Security Incident’ Involving Email Access
OCC Notifies Congress of ‘Major Security Incident’ Involving Email Access
«  

April

  »
S M T W T F S
 
 
1
 
2
 
3
 
4
 
5
 
6
 
7
 
8
 
9
 
10
 
11
 
12
 
13
 
14
 
15
 
16
 
17
 
18
 
19
 
20
 
21
 
22
 
23
 
24
 
25
 
26
 
27
 
28
 
29
 
30
 
 
 
 

OCC Notifies Congress of ‘Major Security Incident’ Involving Email Access

DATE POSTED:April 8, 2025
PYMNTS.com
Original article

The Office of the Comptroller of the Currency (OCC) said Tuesday (April 8) that it notified Congress of a “major security incident” in which there was unauthorized access to OCC emails and email attachments.

The agency discovered some unusual activity on Feb. 11, activated its incident response protocols on Feb. 12, provided public notice of the incident on Feb. 26 and, while the review is still ongoing, determined that the incident should be classified as a major incident, it said in a Tuesday press release.

“The OCC discovered that the unauthorized access to a number of its executives’ and employees’ emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes,” the release said.

In its ongoing review, the OCC and independent third parties are analyzing the compromised email messages to determine their contents, according to the release.

The agency is working with third-party cybersecurity experts, is evaluating its current IT security policies and procedures, and is sharing information about its findings with the Department of the Treasury, per the release.

“I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident,” Acting Comptroller of the Currency Rodney E. Hood said in the release. “There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access.”

In its Feb. 26 public notice of the incident, the OCC said it had analyzed all email logs since 2022 and disabled a “limited number” of accounts that it identified as affected.

“The OCC reported the incident to the Cybersecurity and Infrastructure Security Agency, as required,” the notice said. “There is no indication of any impact to the financial sector at this time.”

Bloomberg reported Tuesday that hackers intercepted the emails of about 100 OCC employees for more than a year and had access to more than 150,000 emails.

It was reported Dec. 30 that Treasury Department workstations were breached earlier that month by China-backed hackers who then stole unclassified documents.

The post OCC Notifies Congress of ‘Major Security Incident’ Involving Email Access appeared first on PYMNTS.com.

PYMNTS.com
Original article
Newswire > OCC Notifies Congress of ‘Major Security Incident’ Involving Email Access

All Rights Reserved. Copyright , Central Coast Communications, Inc.