A February security breach at the national bank regulator affected an account that “existed solely” in the cloud environment, with no evidence of compromise “affecting other accounts in the tenant,” the regulator said in a letter to banks it released publicly Tuesday.
The Office of the Comptroller of the Currency (OCC), which described the breach April 8 as a “major incident” in a message to Congress, said an outside cybersecurity firm (Virginia-based Mandiant) conducted a forensics and incident assessment of the breach. OCC also engaged cybersecurity forensics firms Microsoft GHOST and CrowdStrike, the agency said.
The OCC said it has verified that, since Feb. 11 when it discovered the security breach, there has been no indication of additional activity or lateral movement within OCC IT systems by the threat actor. Mandiant, the agency said, on April 10 confirmed the cloud environment scope of the breach.
“Further, the OCC is expeditiously working to engage outside counsel to thoroughly evaluate the OCC’s current IT security policies and procedures to improve its ability to prevent, detect, and remediate potential security incidents going forward,” the agency said in its letter. “The OCC is committed to acting on recommendations made as a result of the evaluation.”
The agency also said that, via Mandiant, it is conducting a “thorough review” of two of its systems serving banks: BankNet and the Large File Transfer (LFT) systems. The agency indicated banks use both to share supervisory information.
“While OCC conducts regular penetration tests and security assessments on BankNet and other OCC communication systems, we have requested this additional comprehensive review to confirm its security.”
The agency added it will share information from Mandiant when the review has been completed. It also said it has requested CrowdStrike conduct a similar assessment and will also share findings.
OCC Releases Letter on Information Security Incident to Supervised Institutions