TZUTC: -0500   
   MSGID: 956.consprcy@1:2320/105 2c5d1587   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   US regulator OCC notifies Congress of major security breach   
      
   Date:   
   Wed, 09 Apr 2025 14:00:00 +0000   
      
   Description:   
   Around 150,000 emails were accessed which included plenty of sensitive   
   information.   
      
   FULL STORY   
   ======================================================================   
    - The Office of the Comptroller of the Currency confirmed suffering a data   
   breach   
    - It told US Congress it was a "major information security incident"   
    - The identity of the miscreants is not known at this time   
      
   The Office of the Comptroller of the Currency (OCC), a US federal agency that   
   acts as a national banks regulator, confirmed suffering a cyberattack   
   recently.    
      
   In a short press release published on its website, the OCC said that in   
   February 2025 it identified, isolated and resolved a security incident   
   involving an administrative account in the OCC email system.    
      
   Running its due diligence, the OCC analyzed all email logs since 2022 and    
   said it identified a limited number of affected email accounts , all of which   
   have since been disabled.    
      
   100 regulators' emails    
      
   The OCC reported the incident to the Cybersecurity and Infrastructure    
   Security Agency, as required, the agency concluded. There is no indication of   
   any impact to the financial sector at this time.    
      
   The OCC is an independent bureau of the US Department of the Treasury that   
   regulates and supervises national banks and federal savings associations to   
   ensure they operate safely, soundly, and in compliance with laws and   
   regulations.    
      
   Its press release is quite vague, but the media managed to dig up a few more   
   details. Citing anonymous sources familiar with the matter, BleepingComputer   
   reports that the cybercriminals accessed more than 150,000 emails, and around   
   100 bank regulators emails.    
      
   It also said that OCC told the US Congress that this was a major information   
   security incident that was discovered on February 11 and remedied on February   
   12.    
      
   The OCC told the body that "the unauthorized access to a number of its   
   executives' and employees' emails included highly sensitive information   
   relating to the financial condition of federally regulated financial   
   institutions used in its examinations and supervisory oversight processes."    
      
   If all of this turns out to be true, this could be the second major   
   government-related data incident since Trump's election. The first happened   
   when The Atlantic's Jeffrey Goldberg was added to the White House Signal    
   group chat in which airstrikes in Yemen were discussed.    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/us-regulator-occ-notifies-congress-of-m   
   ajor-security-breach   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426