
The OCC serves to charter, regulate, and supervise all national banks and federal thrift institutions and the federally licensed branches and agencies of foreign banks in the United States.
According to the OCC, an administrative email account with access to user mailboxes and internal systems was compromised; as a result, unauthorized persons gained access to nonpublic data.
The breach was discovered on February 11, 2025, when Microsoft notified the OCC of unusual activity in its mailboxes. However, the scope of the compromise was identified only recently.
The incident report states that unknown cybercriminals gained access to “highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.”
The compromised administrative account was disabled on February 12, when the breach was confirmed; third-party cybersecurity experts were retained to assess the impact of the incident.
“Based on the content of the emails and attachments reviewed thus far, the OCC, in consultation with the Department of the Treasury, determined the incident met the conditions necessary to be classified as a major incident. The OCC discovered that the unauthorized access to a number of its executives’ and employees’ emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight process,” – the OCC.
According to Bloomberg News, a draft letter to Congress prepared by OCC Chief Information Officer Kristen Baldwin states that the highly sensitive bank information contained in the emails and attachments is likely to result in demonstrable harm to public confidence. Between May 2023 and early 2025, the attackers accessed roughly 150,000 emails.
OCC representatives have not yet commented on this information, nor have they specified who might be responsible for the breach.
Back in December 2024, unknown attackers hacked the U.S. Department of the Treasury by compromising a SaaS platform it used. At that time, it was reported that the intrusion affected the Office of Foreign Assets Control (OFAC), and that the hackers deliberately targeted this office, which administers and enforces economic and trade sanctions.
U.S. authorities blamed ‘Chinese government hackers’ for that attack.
