The US Treasury’s OCC disclosed a major email breach that went undetected for over a year securityaffairs.com/176373/da…
The US Treasury’s Office of the Comptroller of the Currency (OCC) disclosed a major email breach that went undetected for over a year. The cybersecurity incident involved unauthorized access to emails via a compromised admin account.
The breach was confirmed on Feb. 12, 2025, triggering incident response and reporting to CISA. Affected accounts were disabled.
The OCC reviewed email logs going back to 2022, disabled the impacted accounts, and reported the breach to CISA. No impact on the financial sector was found.
After confirming the breach, the OCC began analyzing compromised emails with internal and external experts. Some contained sensitive financial data, leading the OCC and Treasury to classify the incident as a major one. The review process is still ongoing.
“The confidentiality and integrity of the OCC’s information security systems are paramount to fulfilling its mission,” said Acting Comptroller of the Currency Rodney E. Hood. “I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident. There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access.”
Threat actors accessed 103 OCC employee emails for over a year via a compromised admin account, exposing sensitive financial data.