CyberSecurity SEE

Highly Sensitive Data at Risk in U.S. Treasury Email Breach

The major information security incident involving the U.S. Treasury Department’s Office of the Comptroller of the Currency (OCC) has captured the attention of Congress, with reports indicating that about 150,000 department emails were accessed by threat actors. Initially described as a “limited” incident, the breach has now been classified as a major incident, signaling the seriousness of the situation.

The breach ran from June 2023 until it was discovered and mitigated earlier this year, and it gave unknown hackers access to approximately 100 bank regulators’ accounts and 150,000 emails. It raises concerns about the security of sensitive financial information, as the OCC oversees all national banks, federal savings associations, and federal branches and agencies of foreign banks.

The OCC first became aware of the breach on February 11, 2025, when unusual interactions were detected between a system administrative account and OCC user mailboxes. After confirming the unauthorized activity, the agency initiated its incident response protocols, which included disabling compromised administrative accounts and terminating unauthorized access. Additionally, an independent third party was engaged to conduct an incident assessment, and the incident was reported to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

As the investigation into the breach continues, it has been determined that the compromised emails contained highly sensitive information related to the financial condition of federally regulated financial institutions. This information is crucial for the OCC’s examinations and supervisory oversight processes, highlighting the severity of the breach and the potential impact on the financial sector.

This incident is not the first time the Treasury Department has faced cybersecurity challenges, as a previous breach reported in December 2024 was attributed to China-linked hackers. These threat actors have also been associated with attacks on U.S. telecom networks, infiltration of critical infrastructure, and email breaches of senior U.S. government officials handling relations with the People’s Republic of China (PRC). The outgoing CISA Director, Jen Easterly, emphasized the ongoing threat posed by these actors and the need for robust cyber defense measures across public and private sectors.

The breach at the OCC underscores the importance of cybersecurity measures within government agencies and financial institutions, as well as the continuous efforts needed to defend against evolving threats. With the potential implications for the security of financial institutions and the broader financial sector, it is essential for organizations to remain vigilant and proactive in safeguarding sensitive information from unauthorized access and cyber threats.
