U.S. Financial Regulator Reports Cyberattack Exposing Sensitive Email Data

The U.S. Treasury Department’s Office of the Comptroller of the Currency (OCC) disclosed on Tuesday that a cybersecurity breach in February exposed sensitive data related to financial entities. The incident, which involved unauthorized access to email accounts of OCC executives and staff, has been mitigated, and the financial regulator has released further details about the vulnerability.

In an official announcement, the OCC—the agency that supervises and regulates banks in the country—explained that, as required by the Federal Information Security Modernization Act, it has reported a “major information security incident” to Congress.

The OCC explained that on February 11, it learned about unauthorized access from emails and email attachments and, after confirming unapproved interactions on February 12, immediately activated security protocols, disabling the compromised accounts and terminating the unauthorized access.

The investigation pursued by the OCC and independent third-party cybersecurity experts revealed that malicious actors got access to employees’ and executives’ emails with “highly sensitive information relating to the financial condition of federally regulated financial institutions.”

The agency first reported the email system incident on February 26 to the Cybersecurity and Infrastructure Security Agency, clarifying that it had no impact on the financial sector. The threat has been mitigated, but evaluations and updates are ongoing.

“I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident,” said Acting Comptroller of the Currency Rodney E. Hood. “There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access.”

The OCC is currently analysing its IT security policies and procedures, and looking for alternatives to prevent similar incidents and enhance security.

Several cyberattacks targeting email users and systems have been reported this month. A few days ago, cybersecurity firm Symantec revealed a phishing campaign using fake shipping emails and a disguised screensaver file, and ASEC identified another cyberattack targeting job seekers.