WASHINGTON—A U.S. bank regulator on Friday disclosed a data breach involving a former agency employee’s unauthorized removal of more than 10,000 records.

The cybersecurity breach at the Office of the Comptroller of the Currency was detected in September while the agency was undertaking a retrospective two-year review of employees downloading information in an effort to help minimize cyberthreats.

The...