OCC Reports Major Cybersecurity Breach to Congress

On April 8, 2025, the Office of the Comptroller of the Currency (OCC), in accordance with the Federal Information Security Modernization Act (FISMA), notified Congress that it identified a “major security incident” resulting from the breach of its email system.  A major security incident under FISMA is a cybersecurity breach that is likely to “result in demonstrable harm to the national security interests, foreign relations, or the economy of the United States, or to the public confidence, civil liberties, or public health and safety of the American people.”

Hackers gained access to more than 100 email accounts and roughly 150,000 emails from May 2024 until February 2025, including the mailboxes of senior deputy comptrollers and international banking supervisors.

In an April 14, 2025 letter to the CEOs of its member banks, Acting Comptroller of the Currency, Rodney Hood, advised that the OCC is currently undertaking an extensive review to determine the full scope of accessed data and is evaluating its IT security policies and procedures.