SecurityWeek

Treasury’s OCC Says Hackers Had Access to 150,000 Emails

The Office of the Comptroller of the Currency (OCC) has disclosed an email security incident in which 100 accounts were compromised for over a year. 

The US Treasury Department’s Office of the Comptroller of the Currency (OCC) on Tuesday shared information on a recently discovered email system breach that has been described as a “major incident”. 

The OCC, whose role is to regulate and supervise national and foreign banks, revealed in late February that it had become aware of a security incident involving an administrative account in its email system. 

The initial investigation revealed that a “limited number” of email accounts were affected and there was no evidence of impact on the financial sector. 

An update shared by the regulator on Tuesday provided more information on the incident, which it discovered on February 12, 2025, after learning of unusual interactions between OCC user inboxes and system admin accounts. 

An analysis showed that threat actors had gained access to emails of executives and employees, including messages containing “information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes”. 

Based on a draft letter from the OCC to Congress and information from sources, Bloomberg reported that 103 email accounts were compromised and the attackers gained access to highly sensitive financial information. 

According to the publication, Microsoft alerted the OCC of the breach in February and the investigation showed that the hackers had access to roughly 150,000 emails from May 2023 until they were discovered and their access was terminated. 

It’s unclear who is behind the attack. The Treasury Department, specifically its Committee on Foreign Investment in the US (CFIUS) and Office of Foreign Assets Control (OFAC), was previously targeted by a China-linked threat group tracked as Silk Typhoon.

It’s unclear if the OCC hack is related to the attacks on the other two Treasury bureaus. 

Written By

Eduard Kovacs (@EduardKovacs) is the managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.