CyberSecurity news
FlagThis
@www.cybersecurity-insiders.com
//
The Office of the Comptroller of the Currency (OCC), an independent bureau within the U.S. Treasury Department, has confirmed a major email breach impacting approximately 100 bank regulators' accounts. The breach, which lasted for over a year, resulted in unauthorized access to more than 150,000 emails containing sensitive details about banks the agency oversees. According to the OCC's public statement, the compromised emails included highly sensitive information relating to the financial condition of federally regulated financial institutions and used in examination and supervisory oversight processes.
The OCC discovered the unauthorized access after being notified by Microsoft about unusual network behavior on Feb. 11. Following the discovery, the OCC notified Congress of the incident, describing it as a "major information security incident". Analysis by the OCC concluded that the highly sensitive bank information contained in the emails and attachments is likely to result in demonstrable harm to public confidence. The agency has since launched an internal and independent third-party review to determine the full extent of the breach and identify vulnerabilities that led to the unauthorized access.
Security experts have expressed concern over the news, emphasizing the potential for malicious actors to exploit the exposed information. One expert noted that knowing the weakest targets and their vulnerabilities could enable attackers to launch a broad series of attacks to disrupt services or perpetrate fraud. The OCC also notified the Cybersecurity and Infrastructure Security Agency (CISA) that there is no indication of any impact to the financial sector at this time. The OCC incident is considered the second high-profile breach for the Treasury Department in recent months, the first one involved Chinese state-sponsored hackers breaching their network.
ImgSrc: www.cybersecuri
References :
The OCC discovered the unauthorized access after being notified by Microsoft about unusual network behavior on Feb. 11. Following the discovery, the OCC notified Congress of the incident, describing it as a "major information security incident". Analysis by the OCC concluded that the highly sensitive bank information contained in the emails and attachments is likely to result in demonstrable harm to public confidence. The agency has since launched an internal and independent third-party review to determine the full extent of the breach and identify vulnerabilities that led to the unauthorized access.
Security experts have expressed concern over the news, emphasizing the potential for malicious actors to exploit the exposed information. One expert noted that knowing the weakest targets and their vulnerabilities could enable attackers to launch a broad series of attacks to disrupt services or perpetrate fraud. The OCC also notified the Cybersecurity and Infrastructure Security Agency (CISA) that there is no indication of any impact to the financial sector at this time. The OCC incident is considered the second high-profile breach for the Treasury Department in recent months, the first one involved Chinese state-sponsored hackers breaching their network.
ImgSrc: www.cybersecuri
Share:
References :
- CyberScoop: Treasury bureau notifies Congress that email hack was a ‘major’ cybersecurity incident
- The Register - Security: Sensitive financial files feared stolen from US bank watchdog
- www.cybersecurity-insiders.com: Hackers breach email systems of OCC to gather intelligence from emails
- Metacurity: Hackers intercepted emails at US Comptroller of the Currency for over a year
- thecyberexpress.com: Hackers Had Access to 150,000 Emails in U.S. Treasury Email Breach
- www.cybersecuritydive.com: Treasury Department bank regulator discloses major hack
- www.scworld.com: Hackers accessed 150,000 emails of 100 US bank regulators at OCC
- Tech Monitor: OCC reports major email security breach to US Congress
- cyberscoop.com: Treasury bureau notifies Congress that email hack was a ‘major’ cybersecurity incident
- securityaffairs.com: The US Treasury’s OCC disclosed an undetected major email breach for over a year
- www.csoonline.com: OCC email system breach described as ‘stunning, serious’
Classification:
- HashTags: #DataBreach #CyberSecurity #FinancialIncident
- Company: OCC
- Target: US Treasury Department
- Product: Email System
- Feature: Email Interception
- Type: DataBreach
- Severity: Major