
Federal bank regulators at the Office of the Comptroller of the Currency (OCC) are scrambling to contain a massive cybersecurity breach that exposed highly sensitive financial data for over a year before being discovered.
At a Glance
- Hackers gained unauthorized access to over 150,000 emails from approximately 103 bank regulators at the OCC
- The breach began in June 2023 and continued until February 2024, exposing highly sensitive financial institution data
- Microsoft’s security team initially detected suspicious network activity, leading to the discovery
- The OCC has classified this as a “major incident” and has disabled compromised administrative accounts
- Acting Comptroller Rodney Hood promised accountability and a thorough review of security vulnerabilities
Yearlong Unauthorized Access Exposed Critical Financial Data
The Office of the Comptroller of the Currency, the federal agency responsible for regulating all national banks and federal savings associations, has reported a major cybersecurity breach involving its internal email systems. The unauthorized access, which began in June 2023 and continued until February 2024, exposed highly sensitive information related to the financial condition of federally regulated financial institutions. The breach was first discovered on February 11, 2024, after Microsoft’s security team alerted the OCC to unusual network behavior.
According to sources familiar with the matter, hackers intercepted emails from approximately 103 bank regulators over the course of more than a year. The breach compromised over 150,000 emails containing sensitive financial information. The attackers gained this extensive access after successfully breaking into an administrator’s account, which gave them broad permissions within the system. The day after discovering the breach, the OCC disabled the compromised administrative accounts in an attempt to limit further damage.
Federal Response and Investigation Underway
The OCC has officially notified Congress about the breach, which has been classified as a “major incident” in consultation with the Treasury Department. This classification triggers specific reporting requirements and response protocols for federal agencies. The agency is now working alongside external cybersecurity experts to fully investigate the scope of the breach, identify all compromised data, and implement additional security measures to prevent similar incidents in the future.
“I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident,” said Rodney Hood.
Acting Comptroller of the Currency Rodney Hood has emphasized that there will be a thorough review of existing IT security policies and practices. The review aims to identify weaknesses in the current security framework that may have allowed attackers to maintain access for such an extended period without detection. While specific details about the hackers’ identities or motives have not been publicly disclosed, the investigation is ongoing to determine the full extent of information compromised.
Accountability and Future Preventive Measures
Hood has promised full accountability for the security failures that led to this breach. The OCC is conducting an internal review to identify any missed warning signs or structural weaknesses that contributed to the vulnerability. This incident raises serious concerns about the security of sensitive financial data housed within federal regulatory agencies and highlights potential systemic weaknesses in government cybersecurity protocols.
“There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access,” Hood added.
The breach at the OCC, which regulates and supervises all national banks, federal savings associations, and federal branches of foreign banks, could have far-reaching implications for the financial sector. The compromised information included “highly sensitive information” related to the financial condition of regulated institutions. The banking industry and financial markets are watching closely to see whether the attackers exploit any of this information or release it publicly, either of which could affect market stability and consumer confidence in banking systems.