U.S. financial regulator says email hack exposed sensitive data on banks
A pedestrian passes the seal of the Office of the Comptroller of the Currency displayed outside the organization’s headquarters in Washington, D.C., on March 20, 2019.
Andrew Harrer | Bloomberg | Getty Images
The Office of the Comptroller of the Currency on Tuesday said a February hack of its email systems qualified as a “major incident” and exposed “highly sensitive information.”
The breach, first disclosed and resolved in February, involved information related to the “financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.”
The OCC, an agency that regulates and supervises national banks, said it learned of the incident on Feb. 11, and shut off compromised administrative accounts the next day. The regulator said it is using external cybersecurity experts for a full review of the incident and is launching a review of its IT security policies to prevent further attacks.
“I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident,” said Acting Comptroller of the Currency Rodney Hood.
“There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access,” he added.
Hackers had access to more than 150,000 emails from June 2023 until earlier this year, Bloomberg reported earlier, citing people with knowledge of the matter.
