Hackers Intercepted 100+ Bank Regulators’ Emails for More Than a Year
Hackers intercepted and monitored the emails of over 103 bank regulators at the Office of the Comptroller of the Currency (OCC) for more than a year, gaining access to highly sensitive financial data.
The breach was discovered on February 11, 2025, when Microsoft’s security team alerted the OCC about unusual activities on its network.
The hackers had infiltrated an administrator’s account, allowing them to spy on employee communications, including those of senior deputy comptrollers and international banking supervisors.
According to a draft letter to Congress reviewed by Bloomberg News, this unauthorized access extended from June 2023 until the breach was detected and the affected accounts were disabled.
The OCC, an independent bureau within the U.S. Treasury Department, oversees national banks, federal savings associations, and foreign banks’ federal branches and agencies, which collectively manage trillions in assets.
Critical Information in Compromised Emails
The compromised emails contained critical information regarding these institutions’ financial status, potentially leading to a significant decline in public trust, as noted by OCC Chief Information Officer Kristen Baldwin in the draft letter to Congress.
This incident adds to a series of high-profile cyber breaches targeting U.S. government entities. In December 2024, the Treasury Department disclosed that Chinese state-sponsored hackers had accessed its network through a third-party vendor, viewing unclassified documents and gaining access to former Secretary Janet Yellen’s computer.
Although it remains unclear whether the OCC breach is connected to these incidents, a Bloomberg report reveals a pattern of state-sponsored cyber espionage targeting U.S. financial institutions.
The OCC has labeled this breach a “major information security incident” and has taken immediate steps to assess its full scope, engaging external cybersecurity specialists for a comprehensive review of its IT security protocols.
Acting Comptroller of the Currency Rodney Hood emphasized the need for accountability and for addressing the organizational weaknesses that contributed to this event.
Such breaches have profound implications for the security of financial data and the integrity of the national banking system.
The OCC’s role in ensuring compliance with laws and regulations and its power to enforce actions against banks underscore the critical nature of this breach.
As the investigation continues, the OCC is reviewing its cybersecurity measures to prevent future incidents. This highlights the ongoing challenge of securing sensitive government and financial data against sophisticated cyber threats.
The incident has been reported to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), which is pivotal in securing federal systems and sharing threat information.