FlagThis - #treasury

The US Treasury's Office of the Comptroller of the Currency (OCC) has disclosed a significant email breach, classified as a "major incident." The breach, which went undetected for over a year, involved unauthorized access to 150,000 emails within 100 accounts belonging to US bank regulators at the OCC. These emails contained highly sensitive details concerning the financial condition of federally regulated financial institutions, information critical to the OCC's examinations and supervisory oversight processes. The OCC became aware of unusual activity on February 11th, discovering an administrative account interacting with agency mailboxes in an unauthorized manner. IT staff confirmed the unauthorized access and disabled the affected accounts the following day.

Advertisement

The OCC notified Congress about the incident on the same day as a Bloomberg report, calling it a “major incident.” Internal and independent investigations of email accounts and attachments indicate that OCC first became aware of the incident Feb. 11, when the office was notified of an administrative account that was interacting with agency mailboxes in an unusual fashion. The next day, IT staff confirmed the account’s access was unauthorized and disabled the accounts. Acting Comptroller of the Currency Rodney E. Hood stated that immediate steps have been taken to determine the full extent of the breach and address organizational deficiencies that contributed to it. Hood promised full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access.

Cybersecurity experts have expressed concern about the implications of this breach. The compromised data could allow malicious actors to exploit weaknesses in banks' cybersecurity controls and processes, making it easier to perpetrate fraud or disrupt services. Knowing the weakest targets and their specific vulnerabilities provides a significant advantage to attackers, enabling them to target banks with precision. Security experts also point to how recent cuts at CISA and other federal agencies will weaken cybersecurity in the federal government and across the public sector and U.S. election systems. The OCC is collaborating with the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the Treasury during its investigations.


References :

• cyberscoop.com: Treasury bureau notifies Congress that email hack was a ‘major’ cybersecurity incident
• thecyberexpress.com: Hackers Had Access to 150,000 Emails in U.S. Treasury Email Breach
• www.scworld.com: Hackers accessed 150,000 emails of 100 US bank regulators at OCC
• securityaffairs.com: The US Treasury’s OCC disclosed an undetected major email breach for over a year
• CyberScoop: The OCC said the February incident resulted in the theft of “highly sensitive information" tied to the financial conditions of federally regulated institutions.
• BleepingComputer: Hackers lurked in Treasury OCC’s systems since June 2023 breach
• www.cybersecuritydive.com: Treasury Department bank regulator discloses major hack

Classification:

• HashTags: #treasury #emailbreach #cybersecurity
• Company: US Treasury
• Target: US bank regulators
• Feature: email access
• Type: DataBreach
• Severity: Major

The Office of the Comptroller of the Currency (OCC), an independent bureau within the U.S. Treasury Department, has confirmed a major email breach impacting approximately 100 bank regulators' accounts. The breach, which lasted for over a year, resulted in unauthorized access to more than 150,000 emails containing sensitive details about banks the agency oversees. According to the OCC's public statement, the compromised emails included highly sensitive information relating to the financial condition of federally regulated financial institutions and used in examination and supervisory oversight processes.

The OCC discovered the unauthorized access after being notified by Microsoft about unusual network behavior on Feb. 11. Following the discovery, the OCC notified Congress of the incident, describing it as a "major information security incident". Analysis by the OCC concluded that the highly sensitive bank information contained in the emails and attachments is likely to result in demonstrable harm to public confidence. The agency has since launched an internal and independent third-party review to determine the full extent of the breach and identify vulnerabilities that led to the unauthorized access.

Security experts have expressed concern over the news, emphasizing the potential for malicious actors to exploit the exposed information. One expert noted that knowing the weakest targets and their vulnerabilities could enable attackers to launch a broad series of attacks to disrupt services or perpetrate fraud. The OCC also notified the Cybersecurity and Infrastructure Security Agency (CISA) that there is no indication of any impact to the financial sector at this time. The OCC incident is considered the second high-profile breach for the Treasury Department in recent months, the first one involved Chinese state-sponsored hackers breaching their network.


References :

• CyberScoop: Treasury bureau notifies Congress that email hack was a ‘major’ cybersecurity incident
• The Register - Security: Sensitive financial files feared stolen from US bank watchdog
• www.cybersecurity-insiders.com: Hackers breach email systems of OCC to gather intelligence from emails
• Metacurity: Hackers intercepted emails at US Comptroller of the Currency for over a year
• thecyberexpress.com: Hackers Had Access to 150,000 Emails in U.S. Treasury Email Breach
• www.cybersecuritydive.com: Treasury Department bank regulator discloses major hack
• www.scworld.com: Hackers accessed 150,000 emails of 100 US bank regulators at OCC
• Tech Monitor: OCC reports major email security breach to US Congress
• cyberscoop.com: Treasury bureau notifies Congress that email hack was a ‘major’ cybersecurity incident
• securityaffairs.com: The US Treasury’s OCC disclosed an undetected major email breach for over a year
• www.csoonline.com: OCC email system breach described as ‘stunning, serious’

Classification:

• HashTags: #DataBreach #CyberSecurity #FinancialIncident
• Company: OCC
• Target: US Treasury Department
• Product: Email System
• Feature: Email Interception
• Type: DataBreach
• Severity: Major