Unauthorized access to the emails of senior officials of the U.S. banking regulator

A group of hackers has accessed to sensitive information after penetrating in the email system used by the U.S. Office of the Comptroller of the Currency (OCC). The OCC notified Congress on Tuesday, April 8 of a serious security incident that was first announced in February. This agency is an independent bureau within the Treasury Department that regulates all U.S. banks, federal savings associations and foreign bank branches.

The OCC discovered that unauthorized access to the emails of several of its executives and employees included highly sensitive information regarding the banking condition of federally regulated financial institutions used in its examinations and supervisory processes. The hackers, as yet unidentified, had access to the email accounts of about 100 senior officials and more than 150,000 emails dating back to June 2023.

To manage the incident, OCC engaged cybersecurity experts from the Cybersecurity and Infrastructure Security Agency (CISA). The first detection of the incident was on February 11, when unusual interactions were seen between a system administrative account in its office automation environment and the mailboxes of OCC users. Upon this discovery, the following day the affected systems were isolated, the compromised users' accounts were deactivated and unauthorized access was blocked.