Hackers Spied on U.S. Bank Watchdogs for Over a Year via Email

In what sounds like the plot of a digital espionage thriller, hackers secretly infiltrated the email accounts of over 100 employees at the Office of the Comptroller of the Currency (OCC), a key U.S. bank regulator, for more than a year. The attackers reportedly gained access through an administrative account and monitored communications containing “highly sensitive” financial data from May 2023 until early 2025, according to a draft letter seen by Bloomberg. The OCC, a powerful arm of the Treasury Department that oversees national banks and foreign banking branches in the U.S., confirmed the breach on February 12 after Microsoft flagged suspicious network behavior. Investigators later revealed that the compromise affected top officials, including senior deputy comptrollers and international banking supervisors. OCC’s Chief Information Officer warned Congress that the exposed data could seriously erode public trust in the financial system. While the source of the attack remains unknown, it follows a string of state-linked cyber intrusions targeting U.S. government entities. The OCC has since shut down the affected accounts and notified Homeland Security’s Cybersecurity and Infrastructure Security Agency, stating there’s no immediate threat to the broader financial sector—for now.
Source.