US Congressional Budget Office hit by suspected cyberattack – here’s what we know
- The US Congressional Budget Office has confirmed a cyber incident
- The attack may have been from a foreign adversary
- This is one of many recent incidents targeting US government institutions
The US Congressional Budget Office has confirmed it was targeted in a cybersecurity incident it suspects can be attributed to a foreign hacker.
The non-partisan accounting service holds financial records and assessments for the legislative branch, and holds sensitive government information.
“The Congressional Budget Office has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems going forward,” CBO spokesperson Caitlin Emma said in a statement.
A continuous threat
It’s very possible that sensitive data was compromised in the attack – and specific concerns have arisen around emails exchanged between analysts and congressional offices. It’s likely a breach could expose economic forecasts, draft reports, personal contact details, and policy plans.
Incidents like these are sadly all too common, and critical infrastructure suffers almost continual attacks, both from private hackers and state-backed attackers – with the intention of exfiltrating data, espionage, disruption, or occasionally for profit.
“The incident is being investigated and work for the Congress continues. Like other government agencies and private sector entities, CBO occasionally faces threats to its network and continually monitors to address those threats,” the statement continues.
This isn’t the first time a congressional department has been targeted. In late 2024, the US Congressional staff were exposed in a Library of Congress email hack which compromised almost a year’s worth of correspondence between legislative staff and researchers in what was labelled as a ‘foreign adversary’ incident.
Although these may seem like small-scale attacks that don’t result in dramatic takeovers of government institutions or shut downs, the incidents could give foreign adversaries valuable information into upcoming policies, economic expectations, or even network access. Access to internal communications could lead to sophisticated social engineering attacks aimed at employees, leading to even more serious incidents.
Via NextGov
The best ID theft protection for all budgets
The US Congressional Budget Office has confirmed a cyber incident The attack may have been from a foreign adversary This is one of many recent incidents targeting US government institutions The US Congressional Budget Office has confirmed it was targeted in a cybersecurity incident it suspects can be attributed to…
