Hackers spied on 100 US bank regulators’ e-mails for over a year
Hackers were able to monitor employee e-mails at the US Office of the Comptroller of the Currency.
PHOTO: LIANHE ZAOBAO
WASHINGTON – Hackers intercepted about 103 bank regulators’ e-mails for more than a year, gaining access to highly sensitive financial information, according to two people familiar with the matter and a draft letter to Congress seen by Bloomberg News.
The attackers were able to monitor employee e-mails at the Office of the Comptroller of the Currency (OCC) after breaking into an administrator’s account, said the people, asking not to be identified because the information is not public.
OCC on Feb 12 confirmed that there had been unauthorised activity on its systems after a Microsoft security team notified OCC the day before about unusual network behaviour, according to the draft letter.
The OCC is an independent bureau of the Treasury Department that regulates and supervises all national banks, federal savings associations and the federal branches and agencies of foreign banks – together holding trillions of dollars in assets.
OCC on April 8 notified Congress about the compromise, describing it as a “major information security incident”.
OCC chief information officer Kristen Baldwin, in the draft letter to Congress that was seen by Bloomberg News, wrote: “The analysis concluded that the highly sensitive bank information contained in the e-mails and attachments is likely to result in demonstrable harm to public confidence.”
While US government agencies and officials have long been the targets of state-sponsored espionage campaigns, multiple high-profile breaches have surfaced over the past year.
In December 2024, for instance, the Treasury revealed that Chinese state-sponsored hackers had breached its network through a third-party provider, giving them access to some unclassified documents and former Secretary Janet Yellen’s computer.
It was not immediately clear if the OCC breach was related, people familiar with the situation said.
Separately, a Chinese group known as Salt Typhoon is believed to have compromised nine US telecommunications carriers, targeting the phones of both US President Donald Trump and former vice-president Kamala Harris.
It is unclear who is responsible for the breach at OCC.
On Feb 26, the OCC disclosed a “cyber-security incident” involving an administrative account in the agency’s e-mail system, which it had discovered earlier that month. It identified a “limited number of affected e-mail accounts” and said they had since been disabled.
The hackers penetrated the mailboxes of senior deputy comptrollers, international banking supervisors and other staff, one of the people said.
In all, they had access to roughly 150,000 e-mails from May 2023 until they were discovered and ousted earlier in 2025, the draft letter to Congress said.
In the draft letter, Ms Baldwin said: “Earlier this year, the OCC discovered unauthorised access to a limited number of its executives’ and employees’ e-mails that contain highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.”
The incident was reported to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (Cisa), and there was no indication of any impact on the financial sector “at this time”, OCC said in its initial disclosure.
Cisa operates as the cyber unit of the Department of Homeland Security, where it helps secure federal systems and shares information about digital threats with the public and private sector. BLOOMBERG