OCC falls victim to major cybersecurity breach

The Office of the Comptroller of the Currency experienced a significant email system security breach, according to the agency, which notified Congress of the hack Tuesday. 

According to an agency release, a high-level user account with administrative privileges over the OCC's email system was breached, revealing highly sensitive information about one of the banks regulated by the OCC. The OCC regulates nationally chartered banks, which include some of the largest and most systemically important firms in the country.

"The OCC discovered that the unauthorized access to a number of its executives' and employees' emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes," the agency said in a release. "The OCC has utilized third-party cybersecurity experts to perform a full review of the investigation and forensics efforts [and] is also launching an immediate and thorough evaluation of its current IT security policies and procedures to improve its ability to prevent, detect and remediate potential security incidents going forward."

The agency says the breach was detected after internal and third-party reviews of OCC emails revealed that an as-of-yet unidentified party gained unauthorized access to emails within the agency's internal system. The breach began on February 11, 2025, when unusual activity between a system administrator's account and staff mailboxes was identified. 

The OCC says it promptly initiated incident response protocols following the breach, including a third-party investigation and notification to the Cybersecurity and Infrastructure Security Agency. By February 12, OCC said, compromised administrative accounts were disabled.

In consultation with the Treasury Secretary, the agency says, the breach was classified as a major incident due to the nature of the exposed data, prompting the OCC to enhance its IT security and consult with third-party experts to address vulnerabilities. The agency is also conducting a review of its cybersecurity policies and working with the Treasury Department to assess the breach's impact and improve future defenses.

"The confidentiality and integrity of the OCC's information security systems are paramount to fulfilling its mission," said Acting Comptroller of the Currency Rodney E. Hood. "I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident. There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access."

The breach at the OCC is not the first major cybersecurity incident involving a key U.S. agency under the Trump administration, and is the second known hack at the Treasury Department — within which OCC is housed — this year.

In January, hackers allegedly linked to the Chinese government infiltrated the Treasury Department's systems via a third-party vendor's cloud-based remote support service.

The January breach was significant for the hackers' use of an advanced persistent threat method of attack, allowing them to remain undetected within a system for months, gradually transferring sensitive information from the system. Both incidents highlight the ongoing risk of vulnerabilities in federal cybersecurity systems, particularly in the reliance on third-party services. 
