The Office of the Comptroller of the Currency (OCC) reported on Tuesday that a hacking incident affecting its email systems in February has been classified as a “major incident,” which resulted in the exposure of “highly sensitive information.”
This breach, initially revealed and addressed in February, involved the disclosure of details concerning the “financial condition of federally regulated financial institutions,” which are crucial for the OCC’s examination and supervisory oversight functions.
The OCC, tasked with the regulation and supervision of national banks, became aware of the breach on February 11. The following day, the agency promptly disabled the compromised administrative accounts. In response to this incident, the OCC has engaged external cybersecurity specialists to conduct a thorough investigation and is reviewing its IT security policies to mitigate the risk of future breaches.
Acting Comptroller of the Currency, Rodney Hood, stated, “I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident.”
Hood emphasized the commitment to accountability, saying, “There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access.”
