The Office of the Comptroller of the Currency (OCC) notified Congress of a major information security incident involving unauthorized access to OCC emails and email attachments, as required by the Federal Information Security Modernization Act. The classification as a “major incident” followed internal and independent third-party reviews and consultation with the US Department of the Treasury. The OCC detected unusual interactions on 11 February 2025 between a system administrative account and user mailboxes, confirmed the activity was unauthorized on 12 February, and activated incident response protocols, including an independent third-party assessment and reporting to the Cybersecurity and Infrastructure Security Agency. Compromised administrative accounts were disabled on 12 February, the OCC confirmed the unauthorized access had been terminated, and public notice was issued on 26 February. Review of the affected email content remains ongoing, but the OCC said the accessed material included highly sensitive information about the financial condition of federally regulated financial institutions used in its examination and supervisory oversight processes. The OCC has engaged third-party cybersecurity experts to review investigation and forensics work and is undertaking an immediate evaluation of IT security policies and procedures. It is also seeking an additional independent third-party assessment focused on internal processes related to cyber incidents and has been coordinating its findings with the Department of the Treasury.
Office of the Comptroller of the Currency 2025-04-08
Office of the Comptroller of the Currency notifies Congress of major email system security incident
The Office of the Comptroller of the Currency (OCC) reported a major information security incident to Congress involving unauthorized access to OCC emails, as mandated by the Federal Information Security Modernization Act. Detected on 11 February 2025, the breach involved sensitive information about federally regulated financial institutions and was classified as a "major incident" after reviews. The OCC has engaged cybersecurity experts for investigation and is evaluating IT security policies, coordinating findings with the Department of the Treasury.