The U.S. Office of the Comptroller of the Currency (OCC) confirmed that a breach of its email systems in February was a significant incident that exposed highly sensitive information.
An independent bureau of the Treasury Department, the OCC monitors the activities of all U.S. banks, including federal savings associations and agencies of foreign banks. In addition to safeguarding trillions of dollars in assets, these institutions also hold substantial stockpiles of private data belonging to consumers and businesses.
According to Bloomberg, hackers gained access to the mailboxes of 103 OCC officials, including senior deputy comptrollers and international banking supervisors. The breach went undetected for over a year, until a Microsoft security team noticed unusual network behavior.
All told, the bad actors were able to access over 150,000 emails during the they had access to the OCC’s systems. These communications included information about the condition of banks under federal oversight.
A Threat of National Proportions
According to a Bloomberg source, the cybercriminals were able to breach the OCC’s systems after hacking into an administrator’s account. It is unclear how the threat actors gained access, who they are, or what their motivations were.
However, it is clear that the emergence of new technologies has elevated cybercriminals to a threat of national security proportions. The U.S. National Security Administration (NSA) recently issued a cybersecurity advisory about fast flux—a tactic that allows bad actors to rapidly change the IP address associated with a domain name.
The NSA stated that because fast flux enables cybercriminals and nation-state actors to build command-and-control infrastructures that conceal nefarious activities, the technique poses a threat to national security.
Harm to Public Confidence
As fraud and scams have spiraled out of control, the extent of financial losses and data breaches has reached new heights. In addition to these losses, the constant barrage of fraud attacks could have even greater impacts—such as the loss of consumer confidence in critical aspects of the country’s essential infrastructure.
“The analysis concluded that the highly sensitive bank information contained in the emails and attachments is likely to result in demonstrable harm to public confidence,” wrote Kristen Baldwin, Chief Information Officer at the OCC, in a draft letter to Congress.
