An official website of the United States government
Suspended OCC systems are back online. Click here for more information.
Share This Page:
WASHINGTON — As previously communicated, late Wednesday evening on February 25, 2026, a cybersecurity researcher acting in good faith in accordance with the OCC’s Vulnerability Disclosure Policy reported to the OCC’s cybersecurity team that he had discovered a cybersecurity vulnerability affecting the BankNet Portal and related OCC systems.1 The researcher shared the detailed steps of his activities. The OCC took immediate action and successfully remediated the identified vulnerability on Thursday, February 26, which the researcher has tested and validated.
Following the remediation of the vulnerability, personnel from the Department of the Treasury and OCC worked through the weekend of February 28 and reviewed months of activity logs associated with the BankNet Portal and related systems before and after the cyber activity occurred, including all users who had access to impacted systems during the designated time frame. Upon the completion of a thorough forensics investigation, the OCC can confirm there was no data exfiltration and no one other than the known researcher was able to access the systems during the designated time frame. The vulnerability was contained to the identified OCC systems.
The OCC is bringing the BankNet Portal and related systems back online given its confidence in the forensics and remediation performed. The OCC is working with its supervised institutions to provide information and address questions. The OCC is also resuming previously planned testing of its systems and is implementing enhanced monitoring to ensure safety and security remain a top priority.
1 BankAssessment, BankNet Portal, CAMP (Case Analysis Management Program), Canary, CATS (Central Application Tracking System), CCM (Common Case Management), CRA-QACR (Community Reinvestment Act-Qualifying Activity Confirmation Request), LFT (Large File Transfer), MLR (Money Laundering Risk).
