The Office of the Comptroller of the Currency (OCC) has reported a serious cyber incident involving unauthorized access to its email systems, which it classified as a “major incident.” This breach, which occurred in February, compromised highly sensitive information concerning the financial status of institutions under federal scrutiny.

Details of the Incident

According to the OCC, the breach was detected on February 11, 2023, leading to immediate actions to secure the affected accounts. By February 12, compromised administrative accounts were disabled to prevent further access.

This incident reportedly allowed hackers to gain access to over 150,000 emails between June 2023 and early 2023, raising significant concerns about the security of sensitive financial data.

Ongoing Investigations and Responses

The OCC has engaged external cybersecurity specialists to conduct a thorough investigation into this breach and is reevaluating its IT security frameworks to mitigate future risks. Acting Comptroller of the Currency Rodney Hood expressed commitment to addressing the vulnerabilities that facilitated the breach.

“I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident,”

Commitment to Transparency and Accountability

In light of this breach, Hood confirmed that there will be a focus on full accountability, shedding light on any missed internal findings that may have allowed unauthorized access to sensitive data.