On April 14, the OCC released a letter providing more details on the recent security breach involving its email systems. The breach — identified as a major incident under the Federal Information Security Modernization Act (FISMA) — involved a third-party who accessed several OCC user accounts through an unauthorized administrative-level account. The OCC noted it has taken steps to disable the unauthorized account and is working to determine the extent of the data compromised.

As previously covered by InfoBytes, the OCC announced on April 8 it had notified Congress of a major information security incident after noticing unusual interactions between a system administrative account and OCC user mailboxes on February 11.

The OCC will notify each regulated institution if it finds that the unauthorized user accessed information specific to that institution. Furthermore, the OCC will provide all supervised institutions with email user domains included in the compromised information, allowing them to identify any data they may have sent to OCC users during the breach period. The OCC is engaging with industry chief information security officers to discuss best practices for enhancing system security. Additionally, the OCC is conducting comprehensive reviews of its communication systems to ensure future security.