The US Office of the Comptroller of the Currency (OCC) reported a cybersecurity breach involving unauthorized access to emails of its executives and employees. Discovered on February 11, 2025, the breach was publicly disclosed approximately two weeks later. The compromised emails contained highly sensitive information concerning the financial condition of federally regulated financial institutions.
The OCC attributed the breach to longstanding organizational and structural vulnerabilities within its information technology infrastructure. In response, the agency initiated a comprehensive review of its IT security policies and procedures to enhance defenses against future cyber threats. Acting Comptroller of the Currency, Rodney E. Hood, emphasized the need for accountability regarding the system failures that permitted the breach.
Specific details about the exploited vulnerabilities and the identity of the perpetrators have not been disclosed. But Bloomberg reported that hackers “had access to more than 150,000 emails from June 2023 until earlier this year.”
The compromised information is particularly sensitive as it pertains to the financial health of institutions regulated by the OCC. Unauthorized access to such data could have significant implications for the stability and trust in the financial sector. The OCC has not provided further specifics on the nature of the data accessed or the methods used by the attackers.
