04-15-2025, 12:05 PM
News Hackers Had Access to 150,000 Emails in U.S. Treasury Email Breach
The U.S. Treasury Department’s Office of the Comptroller of the Currency (OCC) has notified Congress of “a major information security incident” involving threat actor access to about 150,000 department emails.
While the official <a href="https://occ.gov/news-issuances/news-releases/2025/nr-occ-2025-30.html">announcement</a> of the U.S. Treasury email breach was short on details, Bloomberg <a href="https://archive.ph/XzfwJ#selection-1555.24-1555.47">reported</a> that a draft letter to Congress said that the unknown hackers had access to about 100 bank regulators' accounts and 150,000 e-mails from June 2023 until they were “discovered and ousted earlier this year.”
The announcement marks a significant step up from what was termed a “limited” incident in the initial <a href="https://occ.gov/news-issuances/news-releases/2025/nr-occ-2025-13.html">announcement</a> in February.
<h2>U.S. Treasury Email Breach Included Sensitive Financial Information</h2>
The OCC regulates all national banks and federal savings associations as well as federal branches and agencies of foreign banks, making a breach of the independent financial agency potentially significant.
The official statement said the OCC first became aware of the incident on Feb. 11, 2025, when the agency “learned of unusual interactions between a system administrative account in its office automation environment and OCC user mailboxes.”
After confirming the activity was unauthorized, the agency initiated its incident response protocols, which included commissioning an independent third-party incident assessment and reporting the incident to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The compromised administrative accounts were disabled and unauthorized access terminated.
While the review is ongoing, the OCC and the Treasury Department concluded that “based on the content of the emails and attachments reviewed thus far ... the incident met the conditions necessary to be classified as a major incident.”
Investigators determined that the access to executives’ and employees’ emails “included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.”
<h2>Not The First Treasury Department Breach</h2>
While the threat actor in the OCC breach remains unknown, the breach’s initial disclosure closely followed a Treasury Department breach <a href="https://www.nytimes.com/2024/12/30/us/politics/china-hack-treasury.html">reported</a> by the New York Times in December 2024 that was attributed to China-linked hackers.
China-linked threat actors are also believed to have been behind attacks on nine <a href="https://thecyberexpress.com/china-attack-on-u-s-telecom-networks/">U.S. telecom networks</a>, persistent infiltration of <a href="https://thecyberexpress.com/easterly-biden-cybersecurity-order/">U.S. critical infrastructure</a> – possibly in preparation for an attack on Taiwan – as well as July 2023 <a href="https://thecyberexpress.com/microsoft-security-hearing/">email breaches</a> of senior U.S. government officials responsible for handling relations with the People’s Republic of China (PRC).
“[W]hat we have found is likely just the tip of the iceberg,” outgoing CISA Director Jen Easterly <a href="https://www.cisa.gov/news-events/news/strengthening-americas-resilience-against-prc-cyber-threats">wrote</a> in January. “This unrelenting PRC campaign underscores the urgent need for robust cyber defense and vigilance across public and private sectors.”
https://thecyberexpress.com/us-treasury-email-breach/