Hackers intercepted about 103 bank regulators’ emails for more than a year, gaining access to highly sensitive financial information, according to two people familiar with the matter and a draft letter to Congress seen by Bloomberg News.

The attackers were able to monitor employee emails at the Office of the Comptroller of the Currency after breaking into an administrator’s account, said the people, asking not to be identified because the information isn’t public. OCC on Feb. 12 confirmed that there had been unauthorized activity on its systems after a Microsoft Corp. security team the day before had notified OCC about unusual network behavior, according to the draft letter.