U.S. Treasury’s OCC Confirms Year-Long Email Breach via Compromised Admin Account

Friday, April 11, 2025

The Office of the Comptroller of the Currency (OCC), an agency under the U.S. Department of the Treasury, has confirmed a serious email security breach that remained undetected for over a year. The incident involved unauthorized access to more than 103 staff email accounts through a compromised administrator account, which was only discovered after Microsoft’s security team alerted OCC to suspicious activity on February 11, 2025.

According to Bloomberg, the attackers were able to access email correspondence belonging to senior OCC officials, including sensitive communications related to the oversight of federally regulated financial institutions. The breach is believed to have impacted approximately 150,000 emails, spanning from May 2023 to early 2025. Following the discovery, OCC launched an internal and external investigation, reported the incident to the Cybersecurity and Infrastructure Security Agency (CISA), and immediately disabled all affected accounts.

While OCC stated that the breach did not impact the broader financial system, it classified the incident as a “major event” due to the potential exposure of sensitive financial regulatory data. Acting Comptroller Rodney E. Hood emphasized the agency’s commitment to cyber integrity, stating, “The OCC is fully committed to the confidentiality and integrity of its cybersecurity systems and will thoroughly assess and remediate any vulnerabilities that may have contributed to this incident.” At this time, the identity of the threat actor has not been disclosed, and it remains unclear whether the attack is linked to China-based hacking groups, which have previously targeted other U.S. Treasury departments.

Source: https://securityaffairs.com/176373/data-breach/the-us-treasurys-occ-disclosed-an-undetected-major-email-breach-for-over-a-year.html