In a significant cybersecurity breach, unknown attackers accessed the email systems of the U.S. Treasury’s Office of the Comptroller of the Currency (OCC) in June 2023, compromising over 150,000 emails, as reported by anonymous sources. The OCC is entrusted with overseeing banks and ensuring compliance with federal regulations that safeguard consumers and provide equitable access to financial services.
According to a report by Bloomberg, the hackers gained control over the email system by breaking into an email system administrator’s account. This breach was disclosed by the OCC in February 2025, leading to its notification to the U.S. Cybersecurity and Infrastructure Security Agency.
Initially characterized as a minor incident affecting a limited number of accounts, the investigation revealed that the scope of the breach was much broader. Anonymous sources indicated that the attackers not only accessed multiple employee accounts but specifically targeted around 100 emails of bank regulators, which involved sensitive information regarding the financial stability of federally regulated institutions.
On April 8, 2025, the OCC formally informed Congress about the breach, labeling it a “major information security incident.” The compromised administrative account was disabled promptly on February 12 following the OCC’s discovery. This incident is part of ongoing concerns regarding cybersecurity threats to government institutions, and it adds to a growing list of breaches that have affected federal agencies.
In a related security incident, the Treasury Department previously disclosed a breach involving its network through an exploited Remote Support SaaS API key, linked to a Chinese state-sponsored hacking group known as Silk Typhoon. This group has been associated with attacks against various offices within the Treasury, targeting sensitive information regarding trade sanctions and national security.