X

OCC Notifies Congress of "Major Cybersecurity Event"

"There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access."
Rodney E. Hood, Acting Comptroller of the Currency
"There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access."
Rodney E. Hood, Acting Comptroller of the Currency

The Office of the Comptroller of the Currency notified Congress of a major information security incident involving unauthorized access to internal emails. 

In a news release, the OCC stated that on February 11, 2025, it detected "unusual interactions" between a system administrative account and user mailboxes. The OCC said that the agency confirmed the access was "unauthorized" and activated its incident response protocols, which included disabling compromised accounts, engaging third-party cybersecurity experts and notifying the Cybersecurity and Infrastructure Security Agency.

The breach involved emails containing "highly sensitive information" about federally regulated financial institutions. After consulting with the Department of the Treasury, the OCC determined that the incident met the criteria for a major cybersecurity event.

The OCC said it is conducting a comprehensive review of its "IT security policies" and committed to strengthening its ability to prevent future incidents.

 

Primary Sources

  1. OCC: News Release: OCC Notifies Congress of Incident Involving Email System

Tags

Regulated Activities
Data Protection / Cybersecurity
Regulated Entities
Banking Entities Banking Organizations
Body of Law
Banking Law
Jurisdiction
US - Federal
Organization
US Banking Regulators
Sub-Author
Comptroller