US Financial Supervisory Agency Data Security System Hacked, Important Information Leaked

Illustration of hackers (photo: freepic)

JAKARTA - The United States Currency Supervisory Office (Office of the Comproller of the Currency / OCC) reports that major hacks have impacted the emails of executives and other employees in their institutions.

Berdasarkan rilis resminya, pelanggaran ini pertama kali terdeteksi pada 11 Februari, ketika tim OCC menemukan aktivitas suspicious yang melibatkan akun administrator sistem di lingkungan automasi kantor.

On February 12, the OCC confirmed that the activity was invalid and immediately activated the incident response protocol, started an independent third-party assessment and reported it to the Cybersecurity and Infrastructure Agency (CISA).

On the same day, the OCC deactivated the compromised administrator's account and ensured that unauthorized access had been discontinued.

After that, the OCC immediately started an analysis of the email messages that were infiltrated to find out their contents. This effort involves internal data experts and independent third parties, and is still ongoing.

From the results of the analysis, the OCC found that the information they had was very sensitive information regarding the financial condition of federally regulated financial institutions, which were used in the OCC inspection and surveillance process.

This report was submitted to the US Congress as a form of compliance with the Federal Information Security Modernization Act (FISMA).

"I have taken immediate steps to find out the extent to which these violations occurred and correct the long-standing weaknesses of organizations and structures and contribute to this incident," said Currency Watchdog Acting Officer.

Hood also confirmed there will be full responsibility for identified vulnerabilities and missed internal findings that led to this illegal access.

Until now, the OCC is still conducting further reviews of all data exposed and in collaboration with independent cybersecurity experts to re-evaluate the applicable IT's policies and security procedures.

The OCC is also exploring additional cooperation with third parties to strengthen governance and reporting systems for future cyber incidents.