Banking Groups Call on US Treasury to Enhance Security Following Email Breach

Trade Groups Push US Treasury for Stronger Cybersecurity Measures

Trade organizations in the financial sector are calling on the US Treasury to enhance cybersecurity protocols following the breach of sensitive emails belonging to over 100 bank regulators that persisted for more than a year.

A letter addressed to Treasury Secretary Scott Bescent was sent on Monday, urging federal regulators to strengthen data protection standards. The groups emphasized the need to notify entities involved in security breaches affecting data within three days. They also proposed that regulators should discontinue the practice of requiring banks and financial institutions to transmit sensitive information through online portals and emails.

The letter was endorsed by several associations including the American Bankers Association and the Institute for Banking Policy, among others.

The correspondence expressed deep concerns regarding the cybersecurity risk management practices of federal regulatory agencies. The groups highlighted the necessity for significant reforms to prevent regulatory shortcomings from posing unneeded risks to businesses.

This call for action comes just two months after Bloomberg News reported that hackers had infiltrated employees’ email accounts within the currency secretary’s office, potentially exposing around 150,000 emails. An official from the OCC, which operates independently within the Treasury, acknowledged the violation in a letter to Congress, indicating that the sensitive bank information compromised could significantly erode public trust.

An OCC spokesperson chose not to comment on the letter, and the Treasury did not respond to requests for comments.

Reports previously mentioned that unidentified hackers accessed the system via administrative accounts lacking basic cybersecurity protections. The OCC had also refrained from commenting on the absence of multifactor authentication protocols.

The letter added that it is crucial for federal regulators to recognize their vulnerability to cyber threats and to adopt cybersecurity and incident response practices comparable to those expected from financial institutions.

Following the disclosure of these breaches, major banks in the US have begun to limit the sharing of information with regulators. While providing routine financial data, including sensitive national security letter details, these banks are now enabling regulators to manage data within their own systems. This includes restricting actions like downloading, copying, or printing information during on-site reviews.

The Treasury itself experienced separate cybersecurity incidents last year. In December, it was revealed that a hacker linked to the Chinese government accessed the network through a third-party provider, compromising several documents and the former Secretary Janet Yellen’s computer.