# Report: OCC Hack Prompts Information Sharing Limits From Big Banks
A significant breach of the Office of the Comptroller of the Currency (OCC) email system has prompted major banks to scale back electronic information sharing with the regulator. According to a Bloomberg report released on Monday, April 14, JPMorgan Chase and Bank of New York Mellon have taken steps to limit their communication with the OCC due to concerns about potential security risks to their own computer networks.
The breach, detected in mid-February but impacting over 100 accounts for more than a year, is deemed a "major incident" by the OCC and the U.S. Treasury. The compromised emails may contain highly sensitive data provided by banks, including details on their financial health, cybersecurity protections, vulnerability assessments, and even the content of National Security Letters.
These letters often involve confidential information related to terrorism and espionage investigations. The banks' decision to limit information sharing stems from concerns about potential security risks to their own computer networks in the wake of the OCC breach. Representatives for JPMorgan and BNY declined to comment on the matter.
A spokesperson for the OCC told the network that the agency is working with third-party cybersecurity experts to review the hack and its IT security policies, and is keeping supervised institutions informed. The OCC also affirmed that onsite examiners retain necessary access to bank information.
Citigroup, operating under a tighter OCC consent order, has reportedly not limited its information sharing. It remains unclear if other major banks like Bank of America, Wells Fargo, and Goldman Sachs have taken similar actions as JPMorgan and BNY.
Bloomberg's sources indicate that some banks were unaware of the breach's full extent until recent reporting, raising questions about the OCC's initial response and security measures. The OCC is still working to determine the exact scope of the data compromised and whether affected banks need to be notified.
The incident has drawn scrutiny from the U.S. House Financial Services Committee and the U.S. Senate Committee on Banking, Housing, and Urban Affairs, which are seeking more information from the OCC. David P. Weber, a former OCC enforcement counsel, described the banks' actions as a "historic" challenge to the regulator's authority, signaling a "fundamental breakdown of the examination authority of the OCC."
Experts quoted in the Bloomberg report warn that the compromised material could be used for targeted cyberattacks or extortion against banks. The breach highlights the cybersecurity risks within the financial sector and has eroded trust between banks and their regulator.
The OCC has disclosed some affected staff accounts to the banks but has not yet detailed the types of data stolen, including cybersecurity-related information.
This incident serves as a wake-up call for the financial industry, emphasizing the need for robust cybersecurity measures to protect sensitive information. The long-term implications of this breach remain unclear, but one thing is certain – it will have far-reaching consequences for the OCC and its relationships with major banks.