The Office of the Comptroller of the Currency (OCC), the U.S. Treasury Department’s regulator for national and foreign banks, has confirmed a major cybersecurity breach involving its internal email system. The incident, which went undetected for nearly a year, exposed highly sensitive information tied to financial institutions under federal oversight.
The breach, first uncovered on February 12, 2025, was flagged after investigators noticed unusual activity between administrative accounts and user inboxes. The OCC revealed that 103 email accounts were compromised, giving threat actors access to a trove of around 150,000 emails. These messages reportedly contained critical financial data used by OCC staff during examinations and supervisory reviews.
Initially, the OCC described the breach as affecting only a “limited number” of accounts and stated there was no indication that the broader financial sector was impacted. However, further analysis revealed the wider scale and potential consequences of the intrusion.
According to Bloomberg, which reviewed a draft congressional letter and spoke to inside sources, the compromised accounts included those belonging to executives and key employees. The stolen communications reportedly held non-public insights into the financial health of several federally regulated banks.
Microsoft was the first to notify the OCC of the breach. Based on internal timelines, hackers had access to the OCC’s systems from May 2023 until the breach was discovered and access was cut off earlier this year.
So far, the identity of the attackers remains unknown. It’s also unclear whether the intrusion is linked to previous hacks targeting other Treasury divisions. In recent years, the Treasury’s Committee on Foreign Investment in the U.S. (CFIUS) and the Office of Foreign Assets Control (OFAC) were both attacked by a China-linked group identified as Silk Typhoon.
Although there’s no confirmation connecting the OCC incident to those past campaigns, the scale and sensitivity of the data involved raise significant national security concerns. The breach could have implications for the integrity of financial oversight and regulatory processes across the U.S. banking system.
The OCC says it is continuing its investigation and is working with federal cybersecurity experts to assess the full impact. It has also begun notifying relevant stakeholders and taking steps to prevent similar attacks in the future.