The US Congressional Budget Office has confirmed a cyber incident

The attack may have been from a foreign adversary

This is one of many recent incidents targeting US government institutions

The US Congressional Budget Office has confirmed it was targeted in a cybersecurity incident it suspects can be attributed to a foreign hacker.

The non-partisan accounting service holds financial records and assessments for the legislative branch, and holds sensitive government information.

“The Congressional Budget Office has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems going forward,” CBO spokesperson Caitlin Emma said in a statement.

A continuous threat

It’s very possible that sensitive data was compromised in the attack - and specific concerns have arisen around emails exchanged between analysts and congressional offices. It’s likely a breach could expose economic forecasts, draft reports, personal contact details, and policy plans.

Incidents like these are sadly all too common, and critical infrastructure suffers almost continual attacks, both from private hackers and state-backed attackers - with the intention of exfiltrating data, espionage, disruption, or occasionally for profit.

"The incident is being investigated and work for the Congress continues. Like other government agencies and private sector entities, CBO occasionally faces threats to its network and continually monitors to address those threats," the statement continues.

This isn’t the first time a congressional department has been targeted. In late 2024, the US Congressional staff were exposed in a Library of Congress email hack which compromised almost a year’s worth of correspondence between legislative staff and researchers in what was labelled as a ‘foreign adversary’ incident.

Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

Although these may seem like small-scale attacks that don’t result in dramatic takeovers of government institutions or shut downs, the incidents could give foreign adversaries valuable information into upcoming policies, economic expectations, or even network access. Access to internal communications could lead to sophisticated social engineering attacks aimed at employees, leading to even more serious incidents.

Via NextGov