A US bank regulator said Tuesday that its email system had been subject to a major cybersecurity incident, flagging “unauthorized access” that covered sensitive financial information.
The Office of the Comptroller of the Currency (OCC) learned of unusual activity in its email system in early February and, shortly after, disabled the compromised administrative accounts, it said in a statement.
The OCC said it, in consultation with the Treasury Department, determined that the situation “met the conditions necessary to be classified as a major incident.”
The unauthorized access involved some OCC executive and employee emails, as well as attachments, the office added.
It said that this covered “highly sensitive information” on the condition of federally regulated financial institutions used in its oversight processes.
The OCC did not provide further details of the breach but said it has tapped third-party cybersecurity experts to carry out a full review of the investigation and forensic efforts.
It will also launch an immediate assessment of its current IT security policies to boost its ability to detect and prevent potential security incidents in the future.
“There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access,” said Acting Comptroller of the Currency Rodney Hood.
Add Comment