A Major Cyberattack on a Critical U.S. Financial Agency
Hackers broke into the email system of the main U.S. banking regulator, the OCC. They spied on sensitive messages for nearly two years. This major breach affected emails with private and confidential details about U.S. banks and financial institutions.
The OCC is part of the U.S. Department of the Treasury. It watches over national banks and savings associations to make sure they follow laws and stay safe. Hackers secretly read emails from OCC workers, including top executives. These emails had important information for inspections and overseeing banks.
Officials say the email spying began in May 2023. It went unnoticed until February 2025. A Microsoft security team spotted something strange. They told the OCC about unusual activity with a powerful system account. This account was secretly looking at employee inboxes.
The next day, on February 12, investigators confirmed it was an unauthorized break-in. They acted fast. The OCC shut down the hacked accounts and called in outside cybersecurity experts to help figure out what happened.
Investigators Discover the Scope of the Damage
The attack is now called a “major information security incident.” It was serious enough to require a formal notice to Congress. The OCC said hackers accessed about 150,000 emails during the nearly two-year breach. These emails weren’t just regular messages. They held sensitive details about banks’ financial health and how they were being monitored.
Even though only a “limited number” of email accounts were directly involved, those accounts had high-level access to private banking data. That’s what makes this attack particularly dangerous.
The OCC said it checked all email logs from 2022. This was part of its investigation to see how far the breach went. The compromised access came from an admin account, a type of account that usually has special control over systems and user access. Once the hackers took over this account, they could move around freely.
The OCC contacted the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to prevent further harm. CISA quickly joined the investigation after receiving the information.
The OCC also informed the public about the breach on February 26. Officials made it clear that, at the time, there was no sign the financial sector itself was impacted. However, they warned that just because there’s no proof of harm doesn’t mean harm didn’t happen.
Response and Continuing Concerns
After confirming the attack, the OCC launched a full review of its computer security policies. It also began working with outside experts to improve its handling of future cyber threats. One major step was examining the agency’s structure and practices to fix any weak points that allowed hackers in.
The attack happened during rising concerns about foreign hackers breaking into U.S. government systems. In recent months, foreign groups have likely hit government agencies with a wave of cyberattacks. Officials have not named who is behind the OCC attack. However, past cyberattacks have been linked to groups tied to foreign governments.
Several recent hacking campaigns targeting U.S. systems, including the Treasury Department, were linked to groups using advanced tools to spy on email traffic and steal sensitive government information. Some of these attacks focused on agencies involved in enforcing U.S. sanctions and monitoring global financial activity.
The OCC is still investigating what was viewed or stolen. It is also looking into how this may impact the banks and systems it oversees. The agency stressed that it is taking the matter seriously and working to prevent it from happening again.
The breach is one of the most alarming recent examples of how vulnerable even the most secure government systems can be to cyberattacks.