Report: OCC Hack Prompts Information Sharing Limits From Big Banks
A Bloomberg report released late Monday (April 14) says that JPMorgan Chase and Bank of New York Mellon have scaled back electronic information sharing with the Office of the Comptroller of the Currency (OCC) following a significant breach of the regulator’s email system.
Bloomberg cited individuals familiar with the matter. The breach, detected in mid-February but impacting over 100 accounts for more than a year, is deemed a “major incident” by the OCC and the U.S. Treasury. The compromised emails may contain highly sensitive data provided by banks, including details on their financial health, cybersecurity protections, vulnerability assessments, and even the content of National Security Letters. These letters often involve confidential information related to terrorism and espionage investigations.
According to Bloomberg, the banks’ decision to limit information sharing stems from concerns about potential security risks to their own computer networks in the wake of the OCC breach. Representatives for JPMorgan and BNY declined to comment. A spokesperson for the OCC told the network that the agency is working with third-party cybersecurity experts to review the hack and its IT security policies and is keeping supervised institutions informed. The OCC also affirmed that onsite examiners retain necessary access to bank information.
Citigroup, operating under a tighter OCC consent order, has reportedly not limited its information sharing. It remains unclear if other major banks like Bank of America, Wells Fargo and Goldman Sachs have taken similar actions as JPMorgan and BNY.
Bloomberg’s sources indicate that some banks were unaware of the breach’s full extent until recent reporting, raising questions about the OCC’s initial response and security measures. The OCC is still working to determine the exact scope of the data compromised and whether affected banks need to be notified.
The incident has drawn scrutiny from the U.S. House Financial Services Committee and the U.S. Senate Committee on Banking, Housing, and Urban Affairs, which are seeking more information from the OCC. David P. Weber, a former OCC enforcement counsel, described the banks’ actions as a “historic” challenge to the regulator’s authority, signaling a “fundamental breakdown of the examination authority of the OCC.”
Experts quoted in the Bloomberg report warn that the compromised material could be used for targeted cyberattacks or extortion against banks. The breach highlights the cybersecurity risks within the financial sector and has eroded trust between banks and their regulator. The OCC has disclosed some affected staff accounts to the banks but has not yet detailed the types of data stolen, including cybersecurity-related information.
The post Report: OCC Hack Prompts Information Sharing Limits From Big Banks appeared first on PYMNTS.com.