Treasury bureau notifies Congress that email hack was a \u2018major\u2019 cybersecurity incident | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Treasury bureau notifies Congress that email hack was a \u2018major\u2019 cybersecurity incident\"> <meta property=\"og:description\" content=\"The OCC said the February incident resulted in the theft of \u201chighly sensitive information" tied to the financial conditions of federally regulated institutions.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-04-09T16:46:29+00:00\"> <meta property=\"article:modified_time\" content=\"2025-04-09T16:46:32+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident-2.jpg\"> <meta property=\"og:image:width\" content=\"724\"> <meta property=\"og:image:height\" content=\"483\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1742994400g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1744125154g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84131\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84131\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftreasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftreasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-84131 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.382920110193\">\n<div class=\"single-article__header-content\" readability=\"29.820598006645\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> The OCC said the February incident resulted in the theft of \u201chighly sensitive information” tied to the financial conditions of federally regulated institutions. <\/p>\n<p>   <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident-2.jpg 724w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident-2.jpg?resize=505,337 505w\" sizes=\"(max-width: 724px) 100vw, 724px\"><figcaption> US Treasury Department building, Washington DC (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"32.537250786988\"><body readability=\"66.961022762707\"><\/p>\n<p>The Office of the Comptroller of the Currency has notified Congress that a February breach of its email system is classified as a major cybersecurity incident.<\/p>\n<p>The incident was first disclosed Feb. 26, though the OCC provided virtually no details at the time, only saying that it had resolved a security incident \u201cinvolving an administrative account in the OCC email system\u201d and that a \u201climited number of affected email accounts\u201d were disabled following a broader investigation.<\/p>\n<p>\u201cThere is no indication of any impact to the financial sector at this time,\u201d the OCC said in a statement. <\/p>\n<p>On Tuesday, the office provided an update, saying internal and independent investigations of email accounts and attachments indicate that OCC first became aware of the incident Feb. 11, when the office was notified of an administrative account that was interacting with agency mailboxes in an unusual fashion. The next day, IT staff confirmed the account\u2019s access was unauthorized and disabled the accounts.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cI have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident,\u201d Acting Comptroller of the Currency Rodney E. Hood said in a statement. \u201cThere will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access.\u201d<\/p>\n<p>According to the OCC, the incident has resulted in the theft of \u201chighly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.\u201d According to <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2025-04-08\/hackers-spied-on-100-bank-regulators-emails-for-over-a-year?ref=metacurity.com\">Bloomberg<\/a>, which obtained a draft copy of the letter sent to Congress, the compromise was extensive, exposing over 150,000 emails from 103 bank regulators that date back to May 2023.<\/p>\n<p>The federal government has yet to attribute the hack to a specific group or country, with OCC saying only that it is collaborating with the Cybersecurity and Infrastructure Security Agency and the Department of the Treasury during its investigations. The work of the OCC and the information available about the stolen emails suggest that espionage or financial motivations might be involved.<\/p>\n<p>\u201cRegulators\u2019 communications are often intertwined with sensitive macroeconomic and risk-posturing details. It could give attackers essentially a blueprint of sector-level risk in the U.S,\u201d said Gabrielle Hempel, a security operations strategist and threat intelligence researcher for Exabeam. \u201cNation-state actors could use this information to destabilize markets, manipulate currency policy, or further target regulated institutions.\u201d<\/p>\n<p>The OCC breach happened two months after the Department of the Treasury <a href=\"https:\/\/cyberscoop.com\/treasury-workstations-hacked-china-beyondtrust-identity-access-management\/\">suffered another hack<\/a>, first disclosed in December, that resulted in the compromise of multiple workstations and data, <a href=\"https:\/\/www.reuters.com\/technology\/cybersecurity\/chinese-hackers-accessed-yellens-computer-us-treasury-breach-bloomberg-news-2025-01-17\/\">including<\/a> the computer of then-Treasury Secretary Janet Yellen.<\/p>\n<p>The U.S. government attributed that hack to Chinese actors, and <a href=\"https:\/\/cyberscoop.com\/chinese-nationals-indictments-espionage-attacks\/\">last month<\/a> the Department of Justice indicted 12 Chinese nationals tied to the Ministry of State Security and i-Soon, a known hacking-for-hire contractor, for carrying out the compromise.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.2384105960265\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident-1.jpg?w=640&ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Treasury bureau notifies Congress that email hack was a \u2018major\u2019<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,452,4119,509],"tags":[86,454,4120,511],"class_list":["post-7529","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-office-of-the-comptroller-of-the-currency","category-treasury-department","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-office-of-the-comptroller-of-the-currency","tag-treasury-department"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/office-of-the-comptroller-of-the-currency\/\" rel=\"category tag\">Office of the Comptroller of the Currency<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/treasury-department\/\" rel=\"category tag\">Treasury Department<\/a>","tag_info":"Treasury Department","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7529"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7529\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7529,"date":"2025-04-09T11:46:29","date_gmt":"2025-04-09T16:46:29","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84131"},"modified":"2025-04-09T11:46:29","modified_gmt":"2025-04-09T16:46:29","slug":"treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/04\/09\/treasury-bureau-notifies-congress-that-email-hack-was-a-major-cybersecurity-incident\/","title":{"rendered":"Treasury bureau notifies Congress that email hack was a \u2018major\u2019 cybersecurity incident"},"content":{"rendered":"