Banking institutions under OCC supervision assess data leak fallout, with certain entities curtailing data sharing practices.

JPMorgan Chase, along with BNY and Bank of America, has reportedly ceased sharing data electronically with the OCC, according to an informant.

Banks stop sharing information following security breach, assessed by the Office of the Comptroller of the Currency (OCC)

The Office of the Comptroller of the Currency (OCC) experienced a significant data breach in early 2025, with unauthorized access to its email systems. This breach exposed highly sensitive information relating to the financial condition of certain banking institutions, according to multiple reports.

The incident, classified as a major incident under the Federal Information Security Modernization Act, was disclosed to the public in April 2025. As a result, several major banks, including JPMorgan Chase, Bank of America, and BNY Mellon, temporarily halted electronic information sharing with the OCC to contain the risk.

The extent of the sensitive information compromised is still under investigation. The attackers accessed emails containing confidential details about the financial condition of certain institutions, though specific numbers and details of any individual customer data exposure have not been disclosed. There is currently no public indication that the breach involved personal customer data or personally identifiable information (PII) of bank customers.

Following the breach, the OCC adhered to regulatory breach response oversight. This included containing the incident, monitoring for further unauthorized access, preserving evidence, and coordinating with federal law enforcement agencies to hold the perpetrators accountable. The OCC also worked with the affected financial institutions to minimize potential damage and to notify customers if warranted by the likelihood of misuse.

In response to the breach, the OCC has made improvements to its IT security. It is also partnering with Microsoft Global Hunting Oversight and Strategic Triage, Mandiant, and CrowdStrike for a full investigation into the security breach. The OCC globally reset all credentials associated with its Microsoft tenant to eliminate any further threat.

As the investigation continues, the OCC will provide all institutions with email addresses that were included in the compromised information so they can determine what information was shared with the OCC during the time frame the breach occurred. The OCC will also inform each regulated institution if the hackers accessed information specific to their company.

The OCC learned about the unauthorized access to a number of agency email accounts on Feb. 12 and activated incident response protocols. During an internal review, the OCC found that hackers accessed sensitive information. The OCC notified the public about the breach on Feb. 26.

Some banks, such as Bank of America and BNY, have also paused sharing information with the OCC due to security concerns. However, Citi has not moved to limit its information sharing with the OCC, as it was not its practice to share classified information via email.

As the investigation progresses, the OCC will continue to work diligently to protect the sensitive information of the banking institutions it regulates and to ensure the security of its own systems.

  1. The OCC, in response to the cybersecurity incident and to ensure the security of its systems, has partnered with technology companies like Microsoft Global Hunting Oversight and Strategic Triage, Mandiant, and CrowdStrike for a thorough investigation.
  2. Besides temporarily halting electronic information sharing with the OCC, certain businesses, such as JPMorgan Chase, Bank of America, and BNY Mellon, are also strongly focused on finance sector security and may intensify their own cybersecurity measures due to the breach.
