The Congressional Budget Office (CBO), which supports Congress with economic and budget analysis, is facing an ongoing cybersecurity breach that is affecting its communication systems. The breach was first discovered earlier this November, prompting internal alerts and risk-mitigation measures, including a directive for employees to avoid all digital exchanges with CBO staff.

The cyberattack is believed to involve a foreign actor with unknown access to internal messages, raising alarms across multiple branches of government.

Despite attempts by CBO officials to contain the breach and maintain operations, concerns remain high due to the agency’s sensitive role in the legislative process. The breach has renewed criticism of the digital security of federal institutions, especially those that handle confidential legislative proposals, economic forecasts, and communications between lawmakers.

Investigations are ongoing, and additional security controls have been put in place, though details about the attackers and the extent of the data accessed remain unclear.

Why It Matters: The CBO plays a central role in helping lawmakers understand the financial impact of proposed laws. A successful breach of its systems could expose critical legislative data, compromising trust in government communications and increasing the risk of manipulated or intercepted information during important policy negotiations.

• CBO Communications Deemed Untrustworthy by Other Agencies: Employees of the Library of Congress were advised in a department-wide message to avoid links or sharing data with CBO staff through any online platforms. The warning instructed workers to verify all CBO communication by telephone, reflecting concerns that the agency’s email and messaging platforms could be compromised by malicious actors.

• Foreign Actor Suspected in Infiltration of CBO Systems: Officials familiar with the investigation have indicated the attack may have been carried out by a foreign government. Although the CBO itself has not confirmed the identity of the intruder, sources have said that a “complex foreign actor” was responsible. Congressional leaders have stated they are working closely with cybersecurity officials and federal agencies to monitor the situation and prevent further intrusion.

• CBO’s Role Increases the Stakes: The CBO is not a large agency, but it plays a vital role in helping lawmakers determine the costs and economic consequences of legislation. Every major bill in Congress goes through a scoring process involving the CBO, making its communications and internal analysis highly valuable targets for espionage or disruption. The exposure of draft legislation or internal cost estimates could give attackers privileged insights about upcoming federal actions or funding decisions.

• CBO Claims to Have Taken Action but Remains Under Scrutiny: A spokesperson for the agency said it had implemented monitoring tools and new security controls, in addition to taking immediate steps to contain the breach. However, warnings remain in place with other government offices continuing to treat the CBO as a potential security risk. The agency is cooperating with investigations but has declined to share specific information about how the attackers gained access or which systems were affected.

• Part of a Larger Pattern of Federal Cybersecurity Incidents: The attack on the CBO follows similar breaches of U.S. government entities. In the past year, hackers linked to foreign governments have penetrated systems at the Treasury Department and the Office of the Comptroller of the Currency, among others. Cybersecurity officials have warned that vulnerabilities in widely used software products are likely to be exploited again by actors focused on targeting government bodies involved in economic or policy-related work.

Go Deeper -> Cybersecurity breach at Congressional Budget Office remains a live threat – Politico

Congressional Budget Office implementing new security controls following cyberattack – The Record

The Congressional Budget Office was hacked. It says it has implemented new security measures – Federal News Network