A major cybersecurity breach at the Office of the Comptroller of the Currency exposed over 150,000 emails containing sensitive bank information to hackers for more than a year before being discovered in February.
At a Glance
- Hackers accessed emails of approximately 103 bank regulators at the OCC from June 2023 until February 2025
- The breach exposed highly sensitive information about federally regulated financial institutions
- The incident was discovered on February 11, with compromised administrative accounts disabled the following day
- Acting Comptroller Rodney Hood is implementing full reviews of security policies and promising accountability
- External cybersecurity experts have been hired to investigate the full extent of the breach
Sensitive Banking Information Exposed
The Office of the Comptroller of the Currency (OCC), which regulates all national banks and federal savings associations, reported unauthorized access to its email system in a significant cybersecurity breach. The hackers gained access to over 150,000 emails containing crucial information about the financial condition of federally regulated banks and financial institutions. The breach began in June 2023 and continued undetected until Microsoft’s security team alerted the OCC about unusual network activity in February 2025.
This security incident has been classified as a “major incident” in consultation with the Treasury Department. The compromised emails belonged to approximately 103 bank regulators, including several OCC executives and employees. According to sources familiar with the matter, the attackers gained this extensive access after breaking into an administrator’s account, creating a backdoor to thousands of sensitive communications about the nation’s banking system.
Discovery and Immediate Response
The OCC discovered the breach on February 11, 2025, after Microsoft’s security team notified the agency of unusual network behavior the previous day. The agency promptly disabled the compromised administrative accounts on February 12 to prevent further unauthorized access. In accordance with federal requirements, the OCC reported the breach to Congress, acknowledging the severity of the situation and the sensitive nature of the exposed information.
The OCC has not publicly disclosed many details about the breach, as the information is considered highly confidential. Sources familiar with the situation indicated that the hackers had extensive access to internal communications that contained sensitive financial data about institutions regulated by the OCC. The agency is now working to understand exactly what information was compromised and the potential implications for national banking security.
Investigation and Remediation Efforts
The OCC has engaged external cybersecurity experts to conduct a comprehensive review of the incident and help strengthen defenses against future attacks. The investigation aims to determine how the attackers initially gained access, what vulnerabilities were exploited, and what specific information may have been compromised. Acting Comptroller Hood has emphasized that the agency is evaluating all current IT security policies to identify and close gaps that may have facilitated the breach.
The incident raises significant concerns about cybersecurity at federal financial regulators. The OCC oversees approximately 1,200 national banks, federal savings associations, and federal branches of foreign banks, collectively holding $14.5 trillion in assets. This represents approximately 65 percent of all commercial banking assets in the United States. The breach potentially exposed information about regulatory examinations, enforcement actions, and confidential bank financial data that could be exploited by malicious actors.
Long-term Security Improvements
In response to the breach, the OCC is implementing extensive changes to its cybersecurity infrastructure and protocols. These measures include enhanced monitoring systems, stricter access controls for administrative accounts, and more frequent security assessments. The agency is also reviewing its incident response procedures to ensure faster detection and containment of potential future breaches. Training programs for all staff members are being expanded to improve security awareness and prevent similar incidents.
The OCC has assured Congress and the public that addressing this breach is its highest priority. Acting Comptroller Hood has pledged complete transparency about the findings of the investigation and the steps being taken to prevent similar incidents in the future. The agency is also coordinating with other financial regulators and law enforcement to share information about the attack and strengthen the overall security posture of the financial regulatory system.