BlogSecurity
Blog3 minute read

Cyber Insights Report - April 18, 2025

A breach at the U.S. Treasury's Office of the Comptroller of the Currency (OCC) and cyber attacks on Australian super funds highlight critical vulnerabilities in email and identity security. These incidents underscore the urgent need for robust security measures, including zero trust architecture and modern IAM practices, to protect sensitive financial data and prevent significant financial losses.

In this blog

  1. U.S. Treasury and email compromise

 U.S. Treasury and email compromise

U.S. regulator Office of the Comptroller of the Currency (OCC) says its executives' emails were hacked ( link )

 Our take

The OCC, a bureau within the U.S. Treasury Department, disclosed a breach involving unauthorized access to executives' and employees' email accounts. The incident, attributed to longstanding organizational vulnerabilities, exposed sensitive information about federally regulated financial institutions. This breach underscores the critical need for robust email security measures and regular system audits.

 Talking points

  • Strengthening email security: Discuss the importance of securing email systems, especially within regulatory bodies handling sensitive financial data.
  • Addressing organizational vulnerabilities: Highlight the necessity of regular audits and updates to identify and remediate systemic weaknesses.
  • Promoting zero trust architecture: Advocate for implementing zero trust principles to ensure continuous verification of user identities and access privileges.

 Next steps

Australian super funds and IAM practices

Australian superannuation funds hit by cyber attacks, with members' money stolen ( link )

Our take

In April 2025, several Australian superannuation funds — including AustralianSuper, Rest, Hostplus and ART — were impacted by credential stuffing attacks, resulting in unauthorized access to member accounts and significant financial loss. These attacks exploited reused passwords and the absence of basic identity protections like multi-factor authentication (MFA). The breach has reignited calls for stronger identity and access management (IAM) practices in the financial services sector, especially for high-risk, consumer-facing portals.

Talking points

  • Modernizing identity controls: The attacks exposed how vulnerable accounts remain when legacy IAM practices—like username-password authentication—are left unchecked. Organizations must adopt modern identity protections like adaptive authentication and conditional access.
  • Role of MFA in consumer protection: Highlight the critical need to enforce MFA for all user-facing accounts. MFA is not a luxury for high-value accounts like retirement funds—it's table stakes.
  • IAM as a business risk enabler: Poor IAM practices don't just pose a security risk—they can create brand damage, regulatory consequences, and customer churn. The financial impact here makes a strong case for prioritizing IAM in public and private sector financial entities.

Next steps

  • Explore WWT's advisory and integration services around identity and access management (IAM). Contact your local WWT account team to learn more!
  • Request a maturity assessment to benchmark your current IAM strategy against industry best practices.
  • Schedule an IAM modernization workshop as part of WWT's Hour of Cyber program to address issues like MFA, identity lifecycle and access governance.