OCC announces information security incident involving email

The OCC notified Congress of a major information security incident, as required by the Federal Information Security Modernization Act.

About the Incident: In a news release, the OCC said:

  • Internal and independent third-party reviews found OCC emails and email attachments were subject to unauthorized access.
  • On Feb. 11, the OCC learned of unusual interactions between a system administrative account in its office automation environment and OCC user mailboxes.
  • On Feb. 12, the OCC confirmed the activity was unauthorized, activated its incident response protocols, reported the incident to the Cybersecurity and Infrastructure Security Agency, disabled the compromised administrative accounts, and confirmed that the unauthorized access had been terminated.

Sensitive Information: The OCC said the incident resulted in unauthorized access to a number of its executives’ and employees’ emails that included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.

Full Review: The agency said it is:

  • Using third-party cybersecurity experts to perform a full review of the investigation and forensics efforts.
  • Launching an immediate and thorough evaluation of its IT security policies and procedures.
  • Working to engage an additional independent third-party to assess and analyze internal processes related to cyber incidents.

ICBA Resources: Cyber and data security resources for community banks are available on the ICBA website.

Previous News

  • Independent Banker: ICBA’s new board gets to work

    The latest issue of Independent Banker magazine reports that while ICBA’s 2025-2026 board members hail from all parts of the country, they share a common focus: helping community banks succeed.

    Image

    Apr 7, 2025

  • CFPB says it will reopen 1071 rule

    The Consumer Financial Protection Bureau said it will open a new rulemaking to implement Section 1071 data collection and reporting requirements for small-business loans.

    Image

    Apr 7, 2025

  • Romero Rainey: Committee markup a key milestone, but more work ahead

    The explosion of pro-community bank policy reforms from the first quarter of the year culminated in last week’s House Financial Services Committee markup, but there is still significant work to do, ICBA President and CEO Rebeca Romero Rainey said in a message to community bankers.

    Image

    Apr 7, 2025


Related News Taxonomy