Hackers Breach Treasury’s OCC Email System, Access 150,000 Messages

A significant cybersecurity breach has rocked the U.S. Treasury Department’s Office of the Comptroller of the Currency (OCC), with hackers reportedly accessing over 100 email accounts for nearly a year. The scope of the incident, now classified as a “major incident,” underscores the growing threat of targeted cyber intrusions on government systems.

Breach Went Undetected for Months

The OCC first became aware of the security breach on February 12, 2025, after observing suspicious activity involving administrative email accounts. Initial findings suggested that only a limited number of inboxes were affected, and there appeared to be no immediate threat to the broader financial sector. However, new information shared this week reveals a much more serious situation.

Investigators have now confirmed that at least 103 OCC email accounts were compromised in the attack, and threat actors maintained access from May 2023 until early 2025. Microsoft was reportedly the party that alerted OCC officials to the breach. The attackers accessed an estimated 150,000 emails, many of which contained highly sensitive information.

Among the stolen data were messages tied to the financial condition of federally regulated financial institutions—data the OCC uses during its supervisory and examination processes. This revelation raises concerns about potential exploitation of financial regulatory information and broader risks to national financial stability.

Who’s Behind the Attack?

At this stage, the identity of the attackers remains unknown. However, past targeting of the Treasury Department by sophisticated threat groups has prompted speculation. In particular, a Chinese state-backed cyber espionage group known as Silk Typhoon (previously linked to attacks on the Committee on Foreign Investment in the US and the Office of Foreign Assets Control) may be a suspect.

The OCC has not officially attributed the attack to any specific group, and the investigation is ongoing. The extent of data exfiltration and the potential consequences are still being assessed, but the exposure of such sensitive information is undoubtedly a cause for concern across the financial oversight community.

A Wake-Up Call for Federal Cybersecurity

This breach highlights once again the vulnerabilities facing even the most secure government agencies. The fact that attackers were able to maintain access for nearly a year without detection raises troubling questions about current federal cybersecurity practices and the resilience of oversight bodies tasked with protecting the financial system.

While the OCC has stated there’s no evidence the financial sector itself was impacted, the compromised communications likely contain confidential insights that, in the wrong hands, could be exploited for economic or strategic gain. As threat actors continue to evolve their methods, this incident serves as a stark reminder of the importance of robust, proactive cybersecurity defenses and constant vigilance.

Organizations—both public and private—must ensure they have the proper monitoring tools, threat intelligence capabilities, and incident response plans in place. The consequences of underestimating cyber threats, particularly when sensitive financial data is at stake, can be far-reaching.