The U.S. Treasury Department's Office of the Comptroller of the Currency had more than 150,000 emails disclosed by people close to the matter to have been compromised since the attack against the OCC's email system administrator account in June 2023, contrary to the bureau's initial report of limited breach impact in February, BleepingComputer reports.
In a statement to Congress on Tuesday, the OCC said that it had only discovered the "major information security incident" on Feb. 11, with the affected system admin account deactivated the following day. "The unauthorized access to a number of its executives' and employees' emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes," said the OCC statement. Such a development comes after the Treasury Department's Office of Foreign Assets Control and Committee on Foreign Investment in the U.S. were targeted by Chinese state-sponsored threat operation Silk Typhoon. Investigation into Silk Typhoon's compromise of the Treasury's Office of Financial Research as part of the attack campaign is still underway.
In a statement to Congress on Tuesday, the OCC said that it had only discovered the "major information security incident" on Feb. 11, with the affected system admin account deactivated the following day. "The unauthorized access to a number of its executives' and employees' emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes," said the OCC statement. Such a development comes after the Treasury Department's Office of Foreign Assets Control and Committee on Foreign Investment in the U.S. were targeted by Chinese state-sponsored threat operation Silk Typhoon. Investigation into Silk Typhoon's compromise of the Treasury's Office of Financial Research as part of the attack campaign is still underway.
