OCC Discloses Major Data Breach Affecting Sensitive Financial Information

The Office of the Comptroller of the Currency (OCC), responsible for regulating and supervising national banks, informed Congress about a significant information security incident that occurred in February. The agency described the event as a "major information security incident."

The breach was initially detected in February. The OCC identified unusual activity involving a system administrative account within its office automation environment and user mailboxes. Reports indicate that the hackers gained access to over 150,000 emails after breaching the system in June 2023.

Acting Comptroller of the Currency Rodney Hood emphasized the importance of maintaining the confidentiality and integrity of the OCC's information security systems to fulfill its mission. The OCC discovered the incident on February 11th and promptly disabled the compromised administrative accounts the following day.

The unauthorized access included sensitive information related to the financial condition of federally regulated financial institutions, which is used in examinations and supervisory oversight processes. The OCC has engaged third-party cybersecurity experts to review its IT security protocols and prevent future attacks.

Hood stated that immediate steps have been taken to assess the full extent of the breach and address the organizational and structural deficiencies that contributed to the incident. He also assured that there would be accountability for the identified vulnerabilities and any internal findings that were missed, leading to the unauthorized access. The OCC has been coordinating with the Treasury Department to share information about its findings throughout the review process.