The Office of the Comptroller of the Currency (OCC), a federal agency that oversees national banks, has confirmed it experienced a significant data breach. According to a press release, the breach was identified in February 2025 and involved unauthorized access to an administrative email account in the OCC’s system.
Following the detection of the breach, the OCC took swift action by analyzing email logs dating back to 2022. This investigation led to the identification of a limited number of affected email accounts, which have since been deactivated. The organization has reported the incident to the Cybersecurity and Infrastructure Security Agency, adhering to regulatory requirements.
While the OCC’s official statement remains somewhat vague, sources familiar with the situation provided further details. Reports suggest that cybercriminals accessed over 150,000 emails, including those belonging to around 100 bank regulators. The agency informed US Congress that the breach, termed a “major information security incident,” was both discovered and resolved within a 24-hour period, from February 11 to February 12.
Importantly, the OCC indicated that there is no evidence suggesting any adverse impact on the broader financial sector at this time. However, the unauthorized access reportedly included sensitive information pertaining to the financial conditions of institutions under OCC oversight.
This incident marks a concerning trend of cybersecurity breaches within government agencies, raising alarms for future data protection efforts. Previously, a major government-related data breach occurred after the election of Donald Trump, highlighting the potential vulnerabilities in critical government systems.