OCC Reports Major Data Breach Exposing Sensitive Financial Emails

Hackers exploited an administrative account to access over 150,000 emails, with investigations ongoing into the breach's scope and impact.

The Office of the Comptroller of the Currency (OCC) notified Congress on April 8, 2025, of a major information security incident involving unauthorized access to its email systems.
Hackers breached the OCC systems in June 2023 by exploiting an email administrator's credentials, enabling access to over 150,000 emails containing sensitive financial data.
The compromised administrative account was disabled on February 12, 2025, following the discovery of the breach on February 11.
Exposed emails included highly sensitive information on the financial conditions of federally regulated institutions, critical to the OCC's supervisory and regulatory functions.
A separate Treasury Department breach in January 2025, linked to the Chinese state-backed group Silk Typhoon, remains under assessment, highlighting broader cybersecurity vulnerabilities.