The **Congressional Budget Office (CBO)**, a critical U.S. legislative agency responsible for independent financial analysis and budget scoring, suffered a **sophisticated cyber breach** by a suspected foreign threat actor. The intrusion compromised **sensitive communications**, including internal emails and chat logs between lawmakers’ offices and CBO researchers, risking exposure of confidential legislative deliberations and economic projections that shape federal policy. While detected early, the breach disrupted operations, prompting some congressional offices to **halt email correspondence** with the CBO, delaying budget analyses and legislative scoring.The attack threatens the **integrity of U.S. legislative processes**, particularly amid partisan disputes over debt projections. The suspected state-sponsored nature of the breach suggests a targeted effort to influence or surveil **federal financial policymaking**, with potential long-term implications for national security. Though containment measures were implemented, the incident highlights vulnerabilities in **government cybersecurity defenses** against advanced persistent threats (APTs), raising concerns about the protection of classified legislative data and the broader stability of U.S. institutional trust.
Source: https://cyberpress.org/hacks-u-s-congressional-budget-office/
Congressional Budget Office cybersecurity rating report: https://www.rankiteo.com/company/congressional-budget-office
"id": "con5793057110725",
"linkid": "congressional-budget-office",
"type": "Breach",
"date": "11/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': ['U.S. Congress (lawmakers and '
'staff)',
'federal legislative process'],
'industry': 'government (legislative branch)',
'location': 'Washington, D.C., USA',
'name': 'Congressional Budget Office (CBO)',
'type': 'U.S. federal legislative agency'}],
'data_breach': {'data_exfiltration': 'suspected (not confirmed)',
'sensitivity_of_data': 'high (legislative and budgetary '
'deliberations)',
'type_of_data_compromised': ['sensitive communications',
'internal emails',
'office chat logs']},
'date_detected': 'recent days (exact date unspecified)',
'description': 'The Congressional Budget Office (CBO), Congress’s independent '
'financial analyst, was compromised by a suspected foreign '
'threat actor in a significant cybersecurity breach targeting '
'U.S. legislative infrastructure. The incident potentially '
'exposed sensitive communications between lawmakers and CBO '
'researchers, disrupting budget analysis and legislative '
'scoring processes. Early detection and containment measures '
'were implemented, but concerns remain about accessed internal '
'emails, chat logs, and the broader impact on legislative '
'operations.',
'impact': {'brand_reputation_impact': ["potential erosion of trust in CBO's "
'analytical independence',
'concerns over data security in '
'legislative processes'],
'data_compromised': ['sensitive communications',
'internal emails',
'office chat logs between congressional staff '
'and CBO researchers'],
'operational_impact': ['suspension of email correspondence between '
'congressional offices and CBO',
'disruptions to legislative scoring and '
'budget analysis',
'delays in supporting lawmakers with timely '
'financial assessments'],
'systems_affected': ['CBO internal networks',
'email systems',
'communication platforms']},
'initial_access_broker': {'high_value_targets': ['sensitive communications '
'between lawmakers and CBO',
'budget analysis data',
'legislative scoring '
'documents']},
'investigation_status': 'ongoing',
'lessons_learned': ['heightened cybersecurity vulnerabilities in federal '
'legislative infrastructure',
'need for robust protections against advanced persistent '
'threats (APTs)',
'importance of early detection in limiting breach scope'],
'motivation': ['espionage',
'influence on U.S. legislative/financial policy',
'access to sensitive budget analyses'],
'post_incident_analysis': {'corrective_actions': ['additional security '
'monitoring',
'enhanced controls',
'review of cybersecurity '
'protocols']},
'recommendations': ['strengthen cybersecurity defenses for legislative '
'agencies',
'enhance monitoring of communications between lawmakers '
'and analytical bodies',
'review access controls for sensitive budgetary data',
'improve incident response coordination with '
'congressional stakeholders'],
'references': [{'source': 'Public statement by CBO spokeswoman Caitlin Emma'}],
'response': {'communication_strategy': ['public statement by CBO spokeswoman '
'Caitlin Emma',
'notifications to lawmakers'],
'containment_measures': ['immediate containment actions',
'isolation of affected systems'],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'remediation_measures': ['implementation of additional security '
'monitoring',
'enhanced controls']},
'stakeholder_advisories': ['notifications to congressional offices',
'suspension of email correspondence with CBO'],
'threat_actor': 'suspected foreign threat actor (potentially state-sponsored)',
'title': 'Cybersecurity Breach at the Congressional Budget Office (CBO) by '
'Suspected Foreign Threat Actor',
'type': ['cyber intrusion', 'data breach', 'advanced persistent threat (APT)']}