A significant data breach at the Treasury’s Office of the Comptroller of the Currency (OCC) has been revealed, exposing over 150,000 emails. Unknown attackers gained access to the system as early as June 2023, remaining undetected for months. The breach involved the compromise of an email system administrator account, granting the attackers extensive access.
The OCC, a crucial U.S. Department of the Treasury bureau overseeing banks and federal savings associations, initially downplayed the incident. In February 2025, they reported a “cybersecurity incident” affecting their email system and multiple accounts, claiming no impact on the financial sector.
Their statement read: “The Office of the Comptroller of the Currency (OCC) this month identified, isolated and resolved a security incident involving an administrative account in the OCC email system.”
They added: “The OCC’s investigation analyzed all email logs since 2022 for due diligence. The OCC identified a limited number of affected email accounts that have since been disabled.”
However, sources familiar with the investigation revealed a far more extensive breach. Attackers accessed approximately 100 bank regulators’ emails and significantly more accounts than initially reported.
This unauthorized access included “highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes,” according to the OCC’s notification to the U.S. Congress on April 8, 2025.
This notification classified the incident as a “major information security incident.” The compromised administrative account was disabled on February 12, 2025, one day after the breach was discovered.
This breach follows another significant incident in early January 2025, in which the Treasury Department’s network was compromised using a stolen Remote Support SaaS API key.
This attack, which targeted the Office of Foreign Assets Control (OFAC) and the Committee on Foreign Investment in the United States (CFIUS), has been linked to Silk Typhoon, a Chinese state-backed hacking group.
Silk Typhoon also breached the Treasury’s Office of Financial Research, with the full impact still under assessment. The OCC breach underscores the persistent threat of sophisticated cyberattacks against government agencies and the financial sector.
The scale of the data breach and the sensitive nature of the compromised information raise serious concerns about national security and the integrity of the financial system.