On April 8, the OCC announced it had notified Congress of a major information security incident, as required by the Federal Information Security Modernization Act. The incident involved unauthorized access to emails and their attachments, which contained highly sensitive information about the financial condition of federally regulated financial institutions used in the OCC’s examinations and supervisory oversight processes. The agency’s findings came from independent third-party reviews of the OCC’s data.

According to the OCC, it first learned of unusual interactions between a system administrative account and OCC user mailboxes on February 11. The agency took immediate steps to disable the compromised administrative accounts and initiated an independent third-party incident assessment to address the breach and its underlying causes. The OCC confirmed the activity was unauthorized on February 12 and first reported the security incident publicly on February 26.