SecurityWeek

Treasury’s OCC Says Hackers Had Access to 150,000 Emails

The Office of the Comptroller of the Currency (OCC) has disclosed an email security incident in which 100 accounts were compromised for over a year. 

The US Treasury Department’s Office of the Comptroller of the Currency (OCC) on Tuesday shared information on a recently discovered email system breach that has been described as a “major incident”. 

The OCC, whose role is to regulate and supervise national and foreign banks, revealed in late February that it had become aware of a security incident involving an administrative account in its email system. 

The initial investigation revealed that a “limited number” of email accounts were affected and there was no evidence of impact on the financial sector. 

An update shared by the regulator on Tuesday provided more information on the incident, which it discovered on February 12, 2025, after learning of unusual interactions between OCC user inboxes and system admin accounts. 

An analysis showed that threat actors had gained access to emails of executives and employees, including messages containing “information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes”. 

Based on a draft letter from the OCC to Congress and information from sources, Bloomberg reported that 103 email accounts were compromised and the attackers gained access to highly sensitive financial information. 

According to the publication, Microsoft alerted the OCC to the breach in February and the investigation showed that the hackers had access to roughly 150,000 emails from May 2023 until they were discovered and their access was terminated.

It’s unclear who is behind the attack. Two other Treasury Department bureaus, the Committee on Foreign Investment in the US (CFIUS) and the Office of Foreign Assets Control (OFAC), were previously targeted by a China-linked threat group tracked as Silk Typhoon.

It’s unclear if the OCC hack is related to the attacks on the other two Treasury bureaus. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
