The OCC serves to charter, regulate, and supervise all national banks and federal thrift institutions and the federally licensed branches and agencies of foreign banks in the United States.
According to the OCC, an administrative email account with access to user mailboxes and internal systems was compromised; as a result, unauthorized persons gained access to nonpublic data.
The breach was discovered on February 11, 2025; at that time, Microsoft notified the OCC of unusual activity in its mailboxes. However, the scope of the compromise was identified only recently.
The incident report states that unknown cybercriminals gained access to “highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.”
The compromised administrative account was disabled on February 12, when the breach was confirmed; third-party cybersecurity experts were retained to assess the incident impact.
“Based on the content of the emails and attachments reviewed thus far, the OCC, in consultation with the Department of the Treasury, determined the incident met the conditions necessary to be classified as a major incident. The OCC discovered that the unauthorized access to a number of its executives’ and employees’ emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight process,” – the OCC.
According to Bloomberg News, a draft letter to Congress prepared by OCC Chief Information Officer Kristen Baldwin states that the highly sensitive bank information contained in the emails and attachments is likely to result in demonstrable harm to public confidence. In the period from May 2023 to early 2025, the attackers had accessed roughly 150,000 emails.
OCC representatives haven’t commented on this information yet, nor did they specify who might be responsible for the breach.
Back in December 2024, unknown attackers had hacked the U.S. Department of the Treasury and compromised the SaaS platform used by it. At that time, it was reported that the intrusion affected the Office of Foreign Assets Control (OFAC), and the hackers deliberately attacked this department that administers and enforces economic and trade sanctions.
The U.S. authorities held some ‘Chinese government hackers’ liable for that attack.
2025.02.07 — 768 vulnerabilities were exploited by hackers in 2024
According to VulnCheck, 768 CVEs were registered as exploited in real-life attacks in 2024. This is 20% greater compared to 2023 when hackers exploited 639 vulnerabilities. Interestingly,…
Full article →
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI
The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…
Full article →
2025.03.28 — Zero-day vulnerability in Windows results in NTLM hash leaks
Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows…
Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage
According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…
Full article →
2025.02.17 — Dutch police seize 127 servers belonging to Zservers hosting provider
Following the introduction of international sanctions against Zservers, Russian 'bulletproof' hosting services provider, the Dutch National Police (Politie) shut down and seized 127 servers belonging to Zservers/XHost.…
Full article →
2025.04.25 — Asus patches vulnerability in AMI's MegaRAC enabling attackers to brick servers
Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management…
Full article →
2025.02.14 — 12,000 Kerio Control firewalls remain vulnerable to RCE
Security experts report that more than 12,000 GFI Kerio Control firewall instances remain vulnerable to the critical RCE vulnerability CVE-2024-52875, which was fixed…
Full article →
2025.02.08 — Hackers exploit RCE vulnerability in Microsoft Outlook
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing…
Full article →
2025.04.16 — Android devices will restart every three days to protect user data
Google introduces a new security feature for Android devices: locked and unused devices will be automatically restarted after three days of inactivity to return their memory to an…
Full article →
2025.03.18 — Black Basta ransomware group developed its own automated brute-forcing framework
According to EclecticIQ, Black Basta Ransomware-as-a-Service (RaaS) group has developed its own automated brute-forcing framework dubbed BRUTED. It's used to hack edge network devices…
Full article →