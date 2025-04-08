The Office of the Comptroller of the Currency notified Congress on Tuesday of a "major" security breach of its email system earlier this year.

The OCC was made aware of "unusual interactions between a system administrative account in its office automation environment and OCC user mailboxes" on Feb. 11 and confirmed that the "activity was unauthorized" on Feb. 12, according to a press release.

At that point, OCC "activated its incident response protocols," which the independent bureau said include "initiating an independent third-party incident assessment and reporting the incident to the Cybersecurity and Infrastructure Security Agency."

The OCC also "disabled the compromised administrative accounts and confirmed that the unauthorized access had been terminated" on Feb. 12.

"The confidentiality and integrity of the OCC's information security systems are paramount to fulfilling its mission," acting Comptroller of the Currency Rodney E. Hood said in a statement.

"I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident. There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access."

Once the breach had been confirmed, the OCC said it "immediately began analyzing the compromised email messages to determine their contents," using internal data scientists and independent third parties.

"While that review is ongoing, based on the content of the emails and attachments reviewed thus far, the OCC, in consultation with the Department of the Treasury, determined the incident met the conditions necessary to be classified as a major incident," the release said.

Unauthorized access to OCC executive and employee emails "included highly sensitive information" related to "the financial condition of federally regulated financial institutions" used in bureau "examinations and supervisory oversight processes."

According to OCC, third-party cybersecurity experts are performing a "full review of the investigation and forensics efforts" and the bureau has launched an assessment of its current cybersecurity policies and procedures in an effort "to improve its ability to prevent, detect and remediate potential security incidents going forward."

Additionally, the OCC is looking to have another third party examine its "internal processes related to cyber incidents."

Public notice of the incident was provided on Feb. 26, according to the release. The OCC was established by the National Currency Act of 1863 and charters, regulates, and supervises all national banks and federal thrift institutions and the federally licensed branches and agencies of foreign banks in the United States. It is an independent bureau housed within the Treasury Department.