- The US Congressional Budget Office has confirmed a cyber incident
- The attack may be from a foreign adversary
- This is one of many recent incidents targeting US government institutions
The US Congressional Budget Office has confirmed it was targeted in a cyber security incident it suspects can be attributed to a foreign hacker.
The nonpartisan accounting service maintains financial records and assessments for the legislative branch and holds sensitive government information.
“The Congressional Budget Office has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems going forward,” CBO spokeswoman Caitlin Emma said in a statement.
A persistent threat
It’s very possible that sensitive data was compromised in the attack — and specific concerns have arisen about emails exchanged between analysts and congressional offices. It is likely that a breach could reveal financial forecasts, draft reports, personal contact information and policy plans.
Incidents like these are unfortunately all too common, and critical infrastructure is under near-constant attack, both from private hackers and state-sponsored attackers – with the intention of wiping out data, espionage, disruption, or occasionally for profit.
“The incident is under investigation and work for Congress continues. Like other government agencies and private sector entities, CBO occasionally faces threats to its network and continuously monitors to address those threats,” the statement continued.
This is not the first time a congressional department has been targeted. In late 2024, US congressional staff were exposed in a Library of Congress email hack, which compromised nearly a year of correspondence between legislative staff and researchers in what was labeled a ‘foreign adversary’ incident.
While these may seem like small attacks that do not result in dramatic takeovers of government institutions or shutdowns, the incidents can provide foreign adversaries with valuable information about upcoming policies, economic expectations, or even network access. Access to internal communications can lead to sophisticated social engineering attacks targeting employees, which can lead to even more serious incidents.
Via NextGov
The best protection against identity theft for all budgets
