JPMorgan Chase and Bank of New York Mellon have reportedly scaled back electronic information sharing with the Office of the Comptroller of the Currency (OCC) following a significant breach of the regulator’s email system.
The hack led to unauthorised access to over 100 OCC executives’ and employees’ emails that "included highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes".
It is believed that the hackers gained access to more than 150,000 emails after breaching the system in June 2023. Banks have been spooked by the incident amid fears that the compromised material could be used for targeted cyberattacks or extortion against banks.
While the OCC has yet to disclose details on the material accessed, financial institutions routinely corresponded with the regulator on matters related to their financial health, cybersecurity protections, vulnerability assessments, and other sensitive issues.
According to Bloomberg, the banks’ decision to limit information sharing stems from concerns about potential security risks to their own computer networks in the wake of the OCC breach. It is unclear whether other major banks have taken similar action.
In a letter updating banks on its response to the attack, the OCC acknowledges the fears that firm might have over ongoing communications: "We recognize regulated institutions may have questions about their provision of requested supervisory information for OCC examinations. OCC examiners are available to work with individual institutions to answer their questions and ensure the secure exchange of required supervisory information."