WASHINGTON–The Office of the Comptroller of the Currency (OCC), which regulates national banks, has now confirmed it suffered a “major incident” security breach that resulted in the unauthorized access to several of its executives’ and employees’ emails that included “highly sensitive information relating to the financial condition” of supervised banks.
The OCC, which announced the breach had occurred in February, had said at that time “there is no indication of any impact to the financial sector at this time” resulting from the breach.
‘Unusual Interactions’
In a released statement on Feb. 11, the OCC—whose interim head is former NCUA Chairman Rodney Hood–said it learned of “unusual interactions between a system administrative account in its office automation environment and OCC user mailboxes.” At the time it also reported the incident to the Cybersecurity and Infrastructure Security Agency (CISA).
Now, following subsequent analysis of the compromised emails to determine their contents, the OCC said it has determined the incident met the conditions necessary to be classified as a “major incident.”
What Was Discovered
“The OCC discovered that the unauthorized access to a number of its executives’ and employees’ emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes,” the OCC said in a statement.
In addition, the OCC said it has launched “an immediate and thorough evaluation of its current IT security policies and procedures to improve its ability to prevent, detect and remediate potential security incidents going forward.”
The OCC added it is also “working to engage” a different independent third-party to assess and analyze internal processes related to cyber incidents.
Administration Dials Back Crypto Crackdown
Separately, the Trump administration said it is disbanding a unit in the Justice Department that is responsible for investigating cryptocurrency crimes.
It said it is making the move because the Biden administration had been too aggressive in its oversight of the crypto industry.
Deputy Attorney General Todd Blanche, in announcing the change, called the earlier oversight of crypto had been “ill conceived and poorly executed.”
‘Narrowing the Focus’
Blanche has ordered the department to instead narrow the focus of cryptocurrency investigations to crimes such as fraud, drug trafficking and terrorism.
The move comes as the Trump administration has embraced crypto and relaxed other rules.
The Securities and Exchange Commission (SEC), for example, has dismissed lawsuits and pending investigations involving matters in which crypto firms had not registered as exchanges. It has also significantly reduced its staffing of a crypto enforcement unit.
Moving Forward
Moving forward, prosecutors have been instructed by Blanche to pursue only cryptocurrency cases “that involve conduct victimizing investors,” scams, hacking and use of crypto to finance other crimes like fentanyl or human trafficking. Such prosecutions, the memo said, “are important to restoring stolen funds to customers, building investor confidence in the security of digital asset markets and the growth of the digital asset industry.”
