Hackers breach U.S. Treasury’s OCC email system, exposing sensitive financial data

The U.S. Treasury Department’s Office of the Comptroller of the Currency (OCC) has confirmed a cybersecurity breach involving unauthorized access to executive and staff email accounts, attributing the incident to longstanding vulnerabilities in its information systems.

The OCC, the federal agency responsible for regulating and supervising national banks, federal savings associations, and foreign bank branches in the United States, disclosed that the breach exposed highly sensitive information relating to the financial health of federally regulated financial institutions.

According to a statement from the agency, the breach was first detected on February 11, 2025, and formally disclosed to Congress approximately two weeks later. The unauthorized access reportedly originated from an administrative account within the OCC’s email system.

While the OCC has said there is currently no indication that the breach affected the broader financial sector, the nature of the data accessed has raised concerns about potential exposure of confidential regulatory and financial information.

“The compromise of these email accounts is deeply concerning, especially given the critical role the OCC plays in overseeing the integrity and stability of the national banking system,” said Acting Comptroller of the Currency Rodney E. Hood. “Long-held organizational and structural deficiencies contributed to this incident, and there will be accountability for the vulnerabilities and missed opportunities that enabled it.”

Hood’s comments point to systemic issues within the OCC’s cybersecurity framework that, according to the agency, have remained unaddressed over time. The agency has not, however, disclosed the specific technical weaknesses that were exploited, nor has it identified any individuals or groups suspected of being behind the attack.

In response to the breach, the OCC announced the immediate launch of a comprehensive review of its IT security policies and procedures. The review aims to enhance the agency’s capabilities to prevent, detect, and respond to future cyber threats.

“This evaluation will be thorough, urgent, and focused on closing gaps in both our technology and our governance,” the agency said in its statement.

The OCC has not provided additional technical details about the breach or responded to requests for further information. The agency’s silence on the potential scope of the exposure and the identity of the attackers leaves many unanswered questions as federal authorities continue their investigation.