OCC Email Breach Exposes Sensitive Bank Data, Prompting Industry-Wide Alarm

April 2025 — Washington, D.C.

In a significant cybersecurity incident, the U.S. Office of the Comptroller of the Currency (OCC) disclosed that over 100 email accounts belonging to its executives and staff were compromised, exposing highly sensitive information related to federally regulated financial institutions.

Prolonged Undetected Breach

The breach was first identified on February 11, 2025, when the OCC detected unusual activity involving a system administrative account interacting with user mailboxes. Upon confirmation of unauthorized access on February 12, the OCC activated its incident response protocols, disabled the compromised accounts, and reported the incident to the Cybersecurity and Infrastructure Security Agency (CISA).

Subsequent investigations revealed that the unauthorized access began as early as May or June 2024, allowing attackers to access approximately 150,000 emails from around 100 to 103 accounts, including those of senior OCC executives and employees.

Classification as a Major Incident

On April 8, 2025, the OCC formally notified Congress, classifying the breach as a “major information security incident” under the Federal Information Security Modernization Act (FISMA). The compromised emails contained highly sensitive information concerning the financial condition of federally regulated financial institutions, used in the OCC’s examinations and supervisory oversight processes.

Acting Comptroller of the Currency Rodney E. Hood acknowledged that “long-held organizational and structural deficiencies” contributed to the incident and committed to full accountability for the vulnerabilities identified.

Industry Response and Communication Gaps

In the wake of the breach, major U.S. banks, including JPMorgan Chase, Bank of America, and Bank of New York Mellon, scaled back electronic information-sharing with the OCC due to concerns over the security of the regulator’s email system. Some banks were not directly informed of the breach and only learned about it through media reports, leading to frustration over the OCC’s communication and response to the incident.

Steps Toward Remediation

The OCC has initiated a comprehensive review of its IT security policies and procedures, engaging third-party cybersecurity experts to assess and enhance its defenses against future cyber threats. The agency is also working with the Department of the Treasury to evaluate the breach’s impact and improve inter-agency coordination.

Broader Implications

This breach underscores the persistent and sophisticated cyber threats facing government agencies that handle critical national economic and security information. It highlights the necessity for robust cybersecurity measures, including effective patch management, multi-factor authentication, and secure communication protocols, not only within financial institutions but also among the regulators overseeing them.

As the financial industry continues to digitize, ensuring the security and integrity of regulatory bodies like the OCC is paramount to maintaining public confidence in the financial system.
