The Office of the Comptroller of the Currency says "highly sensitive information" was accessed in a hack on its email system.
The regulator has notified Congress of what it says qualifies as a "major incident" that was discovered on 11 February.
The hack led to unauthorised access to a number of OCC executives’ and employees’ emails that "included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes".
According to Bloomberg, the hackers had access to more than 150,000 emails after breaching the system in June 2023.
Access was cut off the day after the issue was discovered and third-party cybersecurity experts were called in to perform a full review of the internal investigation and forensics efforts. The OCC is also launching an evaluation of its current IT security policies.
“The confidentiality and integrity of the OCC’s information security systems are paramount to fulfilling its mission,” says Acting Comptroller of the Currency Rodney Hood. “I have taken immediate steps to determine the full extent of the breach and to remedy the long-held organizational and structural deficiencies that contributed to this incident."