The Congressional Budget Office was hacked. It says it has implemented new security measures

The Congressional Budget Office (CBO) confirmed Thursday it had been hacked, potentially exposing sensitive government data to unauthorized parties in a breach that raises serious concerns about cybersecurity at a key federal institution.

The breach targets a critical government entity that provides nonpartisan economic and budget analysis to Congress. With approximately 275 employees, the CBO plays an essential role in the legislative process by producing cost estimates for nearly every bill approved by congressional committees and offering economic projections that shape major policy decisions.

“The agency has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems going forward,” said Caitlin Emma, a CBO spokeswoman, in a written statement.

The Washington Post first reported the breach, citing four anonymous sources who claimed a suspected foreign actor was behind the intrusion. However, the CBO has not confirmed the origin of the attack in its official statements.

“The incident is being investigated and work for the Congress continues,” Emma added. “Like other government agencies and private sector entities, CBO occasionally faces threats to its network and continually monitors to address those threats.”

This breach is particularly concerning given the sensitive nature of the data housed at the CBO. The office manages extensive datasets related to numerous critical policy areas, including immigration enforcement, international trade, taxation, and federal spending.

The timing raises additional concerns as the CBO has recently analyzed several high-profile policy initiatives, including the economic impact of deportation plans proposed during the Trump administration, potential effects of wide-ranging tariff implementations on global trade partners, and the fiscal implications of recent tax and spending legislation passed this summer.

Cybersecurity experts note that government agencies have increasingly become targets for sophisticated attacks, particularly from state-sponsored hackers seeking economic and policy intelligence. Federal institutions hold valuable information about government operations, economic projections, and policy considerations that could provide strategic advantages to foreign governments or other malicious actors.

The breach comes amid growing concerns about the vulnerability of U.S. government systems. In recent years, several major federal agencies have experienced significant cybersecurity incidents, including the Office of Personnel Management hack in 2015 that compromised personal data of millions of federal employees, and the SolarWinds supply chain attack in 2020 that affected numerous government departments.

While the CBO is a relatively small agency compared to cabinet-level departments, its role in providing economic analysis makes it a potential target for actors seeking insights into U.S. fiscal policy or economic forecasting. The office’s projections and analyses often influence major legislation and can move financial markets when released.

The CBO has not disclosed what specific data may have been compromised or when the breach was first detected. The agency indicated that it has implemented new security measures in response to the incident while maintaining its ongoing work for Congress.

Cybersecurity analysts suggest that the breach underscores the need for continued investment in digital security across all government agencies, regardless of size or profile. Even smaller federal offices can possess valuable information or serve as entry points to broader government networks.

Congressional oversight committees will likely seek more information about the breach, including its scope, the potential data compromised, and steps being taken to prevent similar incidents in the future.