Congressional Budget Office confirms cyberattack, raises alarm over risks to US policy data
The Congressional Budget Office confirmed on Thursday that it was the target of a cyberattack, prompting fresh concerns about the security of US government networks and the potential exposure of sensitive budget and policy analysis.
In a statement, the nonpartisan agency said it had identified the incident, taken immediate steps to contain it, and implemented additional monitoring and new security controls. The CBO said work for Congress continues while the investigation proceeds. The office added that, like other public and private institutions, it faces periodic threats and continually monitors its networks.
Initial reporting indicated the breach appeared to originate from a foreign actor. While the CBO did not detail what systems were accessed, security experts warned that intrusion into internal communications, cost estimates, or draft economic models could provide adversaries with insight into congressional deliberations and the timing of bill releases.
James Faxon, managing director and chief information security officer at NukuDo and former head of cybersecurity for Boeing, said access to the CBO’s internal models would give a hostile nation strategic foresight. He noted that visibility into draft analyses could help predict sanctions and military funding levels, anticipate economic shifts before public disclosure, and adjust markets or state investment strategies.
The incident adds to a series of recent operations in which US adversaries have widened their focus beyond military and intelligence targets to include civilian and legislative institutions. Earlier cases have included intrusions tied to Chinese state interests, such as campaigns that penetrated government systems and major telecommunications providers to map infrastructure and harvest metadata. US officials have also warned about Russian military intelligence targeting technology and logistics firms that support Ukraine’s defense supply chains.
Officials said the CBO breach underscores how attackers are expanding the definition of strategic targets. Legislative support agencies maintain sensitive economic data and frequently communicate with lawmakers, making them attractive to threat actors seeking to understand or influence policy from the inside.
The CBO has not disclosed what data, if any, was exfiltrated. The agency said it will continue to assess the impact, strengthen defenses, and support Congress while the investigation remains active.
Photo Credit: DepositPhotos.com