The Office of the Comptroller of the Currency recently reported to Congress that highly sensitive information about financial institutions had been accessed by an unauthorized party.
Today, the OCC provided a statement with additional details to the American Bankers Association and other trade groups:
“On April 8, the OCC notified Congress of a major information security incident, involving unauthorized access to an administrative service account in its office automation environment and OCC user mailboxes. The OCC disabled the compromised administrative accounts to eliminate the possibility of further unauthorized access and activated its incident response protocols that include an independent third-party assessment.
“The OCC is currently analyzing the compromised email messages to determine their contents and to identify potentially sensitive information that may have been accessed. This includes utilization of third-party cybersecurity experts to perform a full review of the investigation and forensics efforts as well as a thorough evaluation of the OCC’s current IT security policies and controls.
“The OCC is committed to transparency on what occurred and is currently in the process of notifying impacted parties to inform them of the security incident. All OCC-supervised institutions will receive an invitation to a call by April 10 to provide an overview of the security event, current forensic analysis efforts underway and next steps for communication to financial institutions potentially impacted by the compromise.
“As the OCC continues to review and analyze the compromised emails, OCC-supervised institutions can expect to receive updated communications from their OCC supervisory office or point of contact. If compromised sensitive information is identified, individual institutions will be notified of the impacted data. The OCC also will confirm when the forensic analysis has been concluded and all impacted institutions notified.
“Please feel free to reach out to your local OCC supervisory office or examiner in charge with any questions.”
