Someone compromised US bank watchdog to access sensitive financial files – Source: go.theregister.com

Source: go.theregister.com – Author: Iain Thomson

A US banking regulator says sensitive financial oversight data was accessed by one or more system intruders for more than a year in what’s been described as “a major information security incident.”

The Office of the Comptroller of the Currency (OCC), the Treasury Department bureau that oversees US and foreign banks, said one of its administrative email accounts – with access to user inboxes and internal systems – was compromised, leading to data falling into the wrong hands.

The security breach came to light on February 11, when Microsoft tipped off the OCC about suspicious activity within its email accounts. The agency confirmed the next day someone had gained unauthorized access. A public notice followed weeks later, and only now is the scale of the intrusion beginning to surface.

According to the bureau, snoops accessed “highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.”

The compromised admin account was disabled on February 12, the day the security breach was confirmed, and third-party forensics teams have been brought in to assess the fallout.

“The OCC learned of the unauthorized access to its email system on February 11, the day after Acting Comptroller Rodney Hood was sworn into office,” a spokesperson told The Register Wednesday.

“The agency then moved quickly to determine the breadth of the access.

“On February 25, Acting Comptroller Hood received a high-level briefing of this incident, and the OCC provided public notice of the incident the following day. At that time, Mr Hood had not been provided detailed information about the full duration of the unauthorized access, nor the specific number and content of email communications affected.

“Based on the OCC’s review of the incident, the agency today informed Congress that it determined the event met the criteria of a major incident because it involved unauthorized access to non-public OCC information and controlled unclassified information, including personally identifiable information and financial supervision information.”

It is certainly shaping up to be a serious data security failure. A draft letter to Congress, written by OCC Chief Information Officer Kristen Baldwin and seen by Bloomberg, revealed the spies had access to roughly 150,000 emails between May 2023 and early 2025, meaning they were likely snooping around for years before anyone noticed.

The OCC had no comment on that aspect, nor gave any indication about who was responsible for the incident.

While there’s no official attribution, it’s worth noting that in December 2024, the Treasury Department reported a significant intrusion into its Office of Foreign Assets Control (OFAC), responsible for sanctions enforcement. In that instance, the department explicitly attributed the attack to Chinese government agents.

“Acting Comptroller Hood is committed to a robust investigation of this incident to address any vulnerabilities identified and hold accountable any missed internal findings that led to the unauthorized access,” the OCC spokesperson told us. ®

Original Post URL: https://go.theregister.com/feed/www.theregister.com/2025/04/09/occ_bank_email_hack/
