The OCC notified Congress of a major information security incident, as required by the Federal Information Security Modernization Act.
About the Incident: In a news release, the OCC said:
- Internal and independent third-party reviews found OCC emails and email attachments were subject to unauthorized access.
- On Feb. 11, the OCC learned of unusual interactions between a system administrative account in its office automation environment and OCC user mailboxes.
- On Feb. 12, the OCC confirmed the activity was unauthorized, activated its incident response protocols, reported the incident to the Cybersecurity and Infrastructure Security Agency, disabled the compromised administrative accounts, and confirmed that the unauthorized access had been terminated.
Sensitive Information: The OCC said the incident resulted in unauthorized access to a number of its executives’ and employees’ emails that included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.
Full Review: The agency said it is:
- Using third-party cybersecurity experts to perform a full review of the investigation and forensics efforts.
- Launching an immediate and thorough evaluation of its IT security policies and procedures.
- Working to engage an additional independent third-party to assess and analyze internal processes related to cyber incidents.
ICBA Resources: Cyber and data security resources for community banks are available on the ICBA website.
