When autocomplete results are available use up and down arrows to review and enter to select.
The OCC released a letter sent to supervised institutions regarding unauthorized access to OCC email systems. The letter included background on the February incident, the OCC’s response, and what financial institutions could expect going forward.
Background: The OCC on April 8 notified Congress of a major information security incident, as required by the Federal Information Security Modernization Act. In a news release, the OCC said:
Internal and independent third-party reviews found OCC emails and email attachments were subject to unauthorized access.
On Feb. 11, the OCC learned of unusual interactions between a system administrative account in its office automation environment and OCC user mailboxes.
On Feb. 12, the OCC confirmed the activity was unauthorized, activated its incident response protocols, reported the incident to the Cybersecurity and Infrastructure Security Agency, disabled the compromised administrative accounts, and confirmed that the unauthorized access had been terminated.
More: The OCC said the incident resulted in unauthorized access to several of its executives’ and employees’ emails that included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.
ICBA Resources: Cyber and data security resources for community banks are available on the ICBA website.