Technology
Cybersecurity

US Bank Regulator Didn’t Have Safeguard on Hacked Email Account

  • Account allegedly didn’t have multifactor authentication on
  • Attackers spied on more than 100 bank regulators’ emails
Contact us:
Provide news feedback or report an error
Confidential tip?
Send a tip to our reporters
Site feedback:
Take our SurveyNew Window
By and

The US Office of the Comptroller of the Currency didn’t have a basic protection enabled on an email account hackers exploited to spy on the messages of more than 100 bank regulators for over a year, according to two people familiar with the matter.

If multifactor authentication had been turned on it likely would have stopped the attackers, who accessed roughly 150,000 emails from May 2023 until they were discovered and ousted earlier this year, the people said. They asked not to be identified because the information about the hack isn’t public.

HomeBTV+Market DataOpinionAudioOriginalsMagazineEvents
News
MarketsEconomicsTechnologyPoliticsGreenCryptoAI
Work & Life
WealthPursuitsBusinessweekCityLabSportsEqualityManagement & Work
Market Data
StocksCommoditiesRates & BondsCurrenciesFuturesSectorsEconomic Calendar
Explore
NewslettersExplainersPointed News QuizThe Big TakeGraphicsSubmit a TipAbout Us
Terms of ServiceTrademarksPrivacy Policy
CareersMade in NYCAdvertise
Ad Choices
Help©2025 Bloomberg L.P. All Rights Reserved.