The Office of the Comptroller of the Currency, which regulates and supervises national banks, on Tuesday said it notified Congress of a February hack that it called a “major information security incident.”

The breach was first disclosed in February when it learned of “unusual interactions between a system administrative account in its office automation environment and OCC user mailboxes,” an OCC news release states. 

According to Bloomberg, the hackers had access to more than 150,000 emails after breaching the system in June 2023.

“The confidentiality and integrity of the OCC’s information security systems are paramount to fulfilling its mission,” said Acting Comptroller of the Currency Rodney Hood.

MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT

The OCC first learned of the incident on Feb. 11. Compromised administrative accounts were shut off the next day.

“The OCC discovered that the unauthorized access to a number of its executives’ and employees’ emails included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes,” the agency said.

The OCC said it has reached out to third-party cybersecurity experts to conduct a review of IT security protocols to prevent future attacks. 

STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS — SIGN UP FOR KURT’S ‘THE CYBERGUY REPORT’ NOW

“I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident,” Hood said. “There will be full accountability for the vulnerabilities identified and any missed internal findings that led to the unauthorized access.”

Throughout its review, the OCC has coordinated with the Treasury Department to share information about its findings.