US Banking Regulator’s Systems Hacked: “Highly Sensitive Information” Exposed
The Office of the Comptroller of the Currency (OCC), a division of the US Treasury Department that oversees national banks, has confirmed a major security breach involving the email accounts of its executives and staff. The agency notified Congress about the incident yesterday (Tuesday), describing it as a “major information security incident.”
Hack into Regulator’s Computers
The OCC first noticed the breach on 11 February 2025, identifying “unusual interactions between a system administrative account in its office automation environment and OCC user mailboxes.” The following day, it confirmed the activity was unauthorised and activated its incident response procedures. The compromised administrative account was disabled shortly after.
“While that review is ongoing, based on the content of the emails and attachments reviewed so far, the OCC, in consultation with the Department of the Treasury, determined the incident met the conditions necessary to be classified as a major incident,” the agency stated in a press release.
The attackers accessed email accounts of several executives and employees, including messages containing “highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.”
According to Bloomberg, the attackers may have accessed over 150,000 emails, and the breach might date back as far as June 2023.
Treasury’s Cybersecurity Weaknesses
This is not the first time the Treasury’s systems have been breached. Last December, the Treasury reported another attack to Congress, in which a Chinese state-linked hacker allegedly accessed unclassified documents.
In that case, the attacker got into the system through a third-party cybersecurity provider.
A spokesperson for the Chinese embassy in Washington, D.C., denied the claims, telling the BBC it was a “smear attack” without any factual basis. They also said it is hard to trace cyberattacks back to a specific origin.