The Office of the Comptroller of the Currency plans to reach out to financial institutions to let them know if their data was exposed in a recent security incident involving the agency’s email systems, according to a letter published today by the agency. It also plans to hold regular meetings with banks and other stakeholders “to ensure open lines of communication and share current information about findings and the status of efforts underway to resolve the incident.”
The OCC last week notified Congress of a cyber incident that led to unauthorized access to highly sensitive information about the financial condition of the institutions the agency supervises. The letter provides more specifics about the incident, including a timeline for when the agency first learned of the breach, the steps it took to determine what information had been accessed and what the OCC has since done to secure its systems.
“The OCC is committed to ensuring its supervised institutions are informed of its efforts to address the breach and to fortify its information security systems,” the letter states. In addition to the outreach to financial institutions, the agency said it is engaging with chief information security officers to discuss industry best practices to ensure the security of its systems. It also partnered with Microsoft GHOST and the cybersecurity forensic firms Mandiant and CrowdStrike to investigate the incident; that investigation has turned up no evidence of further suspicious activity.
“We recognize regulated institutions may have questions about their provision of requested supervisory information for OCC examinations,” the agency said. “OCC examiners are available to work with individual institutions to answer their questions and ensure the secure exchange of required supervisory information.”