The OCC has announced it has notified Congress of a major information security incident, as required by the Federal Information Security Modernization Act. The incident was reported to the public on February 26, 2025.
On February 11, 2025, the OCC learned of unusual interactions between a system administrative account in its office automation environment and OCC user mailboxes. On February 12, the OCC confirmed the activity was unauthorized and immediately activated its incident response protocols, which include initiating an independent third-party incident assessment and reporting the incident to the Cybersecurity and Infrastructure Security Agency. On February 12, the OCC disabled the compromised administrative accounts and confirmed that the unauthorized access had been terminated.
The OCC discovered that the unauthorized access to a number of its executives’ and employees’ emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.
“The confidentiality and integrity of the OCC’s information security systems are paramount to fulfilling its mission,” said Acting Comptroller of the Currency Rodney E. Hood. “I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident. There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access.”