The Office of the Comptroller of the Currency (OCC) has alerted Congress to a "major incident" involving a cyberattack that compromised sensitive internal communications.

Discovered on February 11, the breach led to unauthorized access to emails belonging to several OCC executives and employees. These emails contained confidential details about the financial health of federally regulated institutions, information critical to the agency's oversight responsibilities.

According to Bloomberg, the intrusion occurred in June 2023 and exposed more than 150,000 emails before it was detected. The OCC cut off access immediately after the breach was discovered and enlisted third-party cybersecurity experts to conduct a comprehensive review of the agency’s investigation and forensic response.

Acting Comptroller of the Currency Rodney Hood emphasized the importance of securing OCC systems, calling the breach a wake-up call. “I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident,” he stated. A broader evaluation of the OCC's current IT security policies is now underway.