U.S. banking regulator confirms a major hacking of employee email accounts

The United States’ Office of the Comptroller of the Currency said it suffered a significant data security incident that involved cyber criminals breaching certain employees’ email accounts and stealing confidential data.

 

In a data security incident notice reported to the Congress, the Office of the Comptroller of the Currency, OCC, said that On February 11, it identified unusual interactions between a system administrative account in its office automation environment and OCC user mailboxes.

 

The following day, OCC determined that the activity was unauthorised and it “immediately activated its incident response protocols” that included launching an investigation, with help from external cyber security experts, to determine the scope of the incident. 

 

OCC said it notified the Cybersecurity and Infrastructure Security Agency (CISA) about the unauthorised activity, disabled the compromised administrative accounts and ensured that the unauthorised access had been terminated.

 

“The OCC’s investigation analysed all email logs since 2022 for due diligence. The OCC identified a limited number of affected email accounts that have since been disabled,” the agency said. “There is no indication of any impact to the financial sector at this time.”

While its investigation continues, OCC said that “based on the content of the emails and attachments reviewed thus far, the OCC, in consultation with the Department of the Treasury, determined the incident met the conditions necessary to be classified as a major incident.”

 

“The OCC discovered that the unauthorised access to a number of its executives’ and employees’ emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes,” OCC added.

 

In a statement shared with the media, Acting Comptroller of the Currency Rodney E. Hood, said, “The confidentiality and integrity of the OCC’s information security systems are paramount to fulfilling its mission.

 

“I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organisational and structural deficiencies that contributed to this incident. There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorised access,” he added.