The U.S. Treasury Department’s Office of the Comptroller of the Currency (OCC) has disclosed details about a recent email system breach, which it described as a “major incident.” The OCC, responsible for regulating and supervising national and foreign banks, first became aware of the breach in late February 2025.
According to the agency, the breach involved an administrative account within its email system. Initially, investigators found that only a limited number of email accounts were compromised, and there was no immediate indication that the broader financial sector had been impacted.
However, an update released by the OCC on Tuesday revealed that the breach was discovered on February 12, 2025. The agency had noticed unusual interactions between user inboxes and system administrator accounts, prompting a deeper investigation.
The analysis showed that threat actors had accessed emails belonging to OCC executives and staff. Some of these emails reportedly contained sensitive information regarding the financial condition of federally regulated financial institutions—data used in the OCC’s examination and oversight responsibilities.
A draft letter from the OCC to Congress and additional sources cited by Bloomberg revealed that 103 email accounts had been compromised. The attackers reportedly gained access to around 150,000 emails dating back to May 2023 before their access was cut off.
Microsoft was the first to alert the OCC to the breach in February. Despite the detailed findings, the identity of the attackers remains unknown. While previous attacks on other Treasury entities—such as the Committee on Foreign Investment in the U.S. (CFIUS) and the Office of Foreign Assets Control (OFAC)—have been linked to the China-based threat group Silk Typhoon, it remains unclear whether the OCC breach is connected.