Source: www.securityweek.com – Author: Eduard Kovacs
The US Treasury Department’s Office of the Comptroller of the Currency (OCC) on Tuesday shared information on a recently discovered email system breach that has been described as a “major incident”.
The OCC, whose role is to regulate and supervise national and foreign banks, revealed in late February that it had become aware of a security incident involving an administrative account in its email system.
The initial investigation revealed that a “limited number” of email accounts were affected and there was no evidence of impact on the financial sector.
An update shared by the regulator on Tuesday provided more information on the incident, which it discovered on February 12, 2025, after learning of unusual interactions between OCC user inboxes and system admin accounts.
An analysis showed that threat actors had gained access to emails of executives and employees, including messages containing “information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes”.
Based on a draft letter from the OCC to Congress and information from sources, Bloomberg reported that 103 email accounts were compromised and the attackers gained access to highly sensitive financial information.
According to the publication, Microsoft alerted the OCC to the breach in February and the investigation showed that the hackers had access to roughly 150,000 emails from May 2023 until they were discovered and their access was terminated.
It’s unclear who is behind the attack. The Treasury Department, specifically its Committee on Foreign Investment in the US (CFIUS) and Office of Foreign Assets Control (OFAC), was previously targeted by a China-linked threat group tracked as Silk Typhoon.
It’s unclear if the OCC hack is related to the attacks on the other two Treasury bureaus.
Original Post URL: https://www.securityweek.com/treasurys-occ-says-hackers-had-access-to-150000-emails/
Category & Tags: Email Security, Government, Featured, OCC, Treasury