A US banking regulator fears sensitive financial oversight data was stolen from its IT systems in what’s been described as “a major information security incident.”

The Office of the Comptroller of the Currency (OCC), the Treasury Department bureau that oversees US and foreign banks, said one of its administrative email accounts - with access to user inboxes and internal systems - was compromised, leading to the theft of data, potentially.

The security breach came to light on February 11, when Microsoft tipped off the OCC about suspicious activity within its email accounts. The agency confirmed the next day someone had gained unauthorized access. A public notice followed weeks later, and only now is the scale of the intrusion beginning to surface.

According to the bureau, snoops accessed “highly sensitive information relating to the financial condition of federally regulated financial institutions used in its examinations and supervisory oversight processes.”