Congressional Budget Office confirms it was hacked

U.S. Congressional Budget Office Confirms Cyberattack, Probes Foreign Hacker Involvement

The U.S. Congressional Budget Office (CBO) has confirmed it was the victim of a cybersecurity breach, raising fears that sensitive communications between lawmakers and federal analysts may have been compromised.

Caitlin Emma, a spokesperson for the CBO, told TechCrunch on Friday that the agency has already contained the incident and is taking further precautions.

“The agency has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems going forward,” Emma said.

A High-Value Target in Washington

The CBO is a nonpartisan federal agency responsible for providing economic forecasts and budgetary analysis to Congress. Its reports play a crucial role in shaping U.S. fiscal policy, making it a desirable target for espionage and cyberattacks.

The Washington Post, which first reported the breach, stated that foreign hackers were believed to be responsible for the intrusion. Officials reportedly fear that the attackers accessed internal emails, chat logs, and confidential communications between CBO analysts and congressional offices.

Meanwhile, Reuters reported that the Senate Sergeant at Arms — the upper chamber’s security authority — has warned lawmakers that stolen CBO emails could be used in targeted phishing campaigns impersonating government staff.

Experts Point to Outdated Cisco Firewall

While investigators have not yet confirmed the cause of the breach, cybersecurity researcher Kevin Beaumont suggested that hackers may have gained access through an unpatched Cisco ASA firewall on the CBO’s network.

Beaumont noted last month that the agency’s firewall had not been updated since 2024 and was vulnerable to a set of newly discovered security flaws already being exploited by state-sponsored Chinese threat actors.

According to Beaumont, the CBO’s firewall remained unpatched as of October 1, when the federal government shutdown began — potentially leaving the system exposed during the downtime.

By Thursday, he observed that the firewall had been taken offline, though it remains unclear whether that was part of the CBO’s containment measures.

The agency’s spokesperson declined to comment on Beaumont’s findings, and Cisco has not yet stated the reported vulnerability.

Potential Impact and Next Steps

If confirmed, the CBO attack would mark one of the most significant breaches of a federal research body since the SolarWinds and Microsoft Exchange campaigns, both of which exposed sensitive U.S. government communications.

Cybersecurity analysts warn that foreign adversaries could weaponise stolen data to influence policy debates or impersonate congressional staff in future phishing campaigns.

For now, the CBO says its systems are back online with enhanced monitoring and defensive protocols, but the full scope of the breach — and who was behind it — remains under investigation.