According to two individuals familiar with the matter and a draft letter to Congress seen by Bloomberg News, the hackers monitored employee emails at the Office of the Comptroller of the Currency (OCC) after entering an administrator’s account. As detailed in the draft letter, on 12 February 2025, the OCC confirmed that unauthorised activity had been present on its systems after a Microsoft security team notified it the day before regarding suspicious network behaviour.
Fast forward to 8 April 2025, the OCC informed Congress about the compromise, mentioning that it was a major information security incident. In the draft letter, representatives from the OCC emphasised that the analysis concluded that the sensitive bank information included in the emails and attachments had a high probability of resulting in demonstrable harm to public confidence.
At the time of writing, it was still unclear who exactly was responsible for the breach at the OCC. According to the same sources who requested anonymity due to the information not yet being public, the hackers infiltrated the mailboxes of senior deputy comptrollers, international banking supervisors, and other staff members. Overall, they had accessed approximately 150,000 emails from May 2023 until the incident was discovered in early 2025. Officials stated that the OCC uncovered unauthorised access to a limited number of its executives and employees’ emails that included sensitive information about the financial situation of federally regulated financial institutions leveraged in its examinations and supervisory oversight procedures.
Furthermore, the incident was reported to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). The organisation functions as the cyber unit of the Department of Homeland Security, supporting secure federal systems and sharing data about digital threats with the public and private sectors. As part of its initial disclosure, the OCC underlined that there was no indication of impact on the financial sector at that time.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now