Summary: The OCC has reported a major email system breach impacting 103 of its email accounts, with unauthorized access occurring from May 2023 until detection on February 12, 2025. Sensitive financial information related to federally regulated institutions was accessed, but no immediate impact on the financial sector has been identified. The origins of the attack are still unknown, raising concerns about potential links to previous threats against the Treasury Department.
Affected: Office of the Comptroller of the Currency (OCC)
Keypoints :
- Initial breach involved a limited number of email accounts in the OCC’s system.
- Access included sensitive communications regarding financial conditions of regulated institutions.
- The breach was identified through unusual interactions within user inboxes and system admin accounts.
- Microsoft alerted the OCC about the compromise and the potential threat, leading to further investigation.
- It is uncertain whether this breach is related to previous attacks on other Treasury Department entities.
Source: https://www.securityweek.com/treasurys-occ-says-hackers-had-access-to-150000-emails/