- The US Congressional Budget Office confirmed a cyber incident
- The attack could come from a foreign adversary
- This is one of several recent incidents targeting US government institutions.
The US Congressional Budget Office has confirmed that it has been the target of a cybersecurity incident that it suspects is attributed to a foreign hacker.
The nonpartisan accounting service holds financial records and assessments for the legislature, as well as sensitive government information.
βThe Congressional Budget Office identified the security incident, took immediate action to contain it, and implemented additional monitoring and new security controls to further protect the agency’s systems in the future,β CBO spokesperson Caitlin Emma said in a statement.
A permanent threat
It’s very possible that sensitive data was compromised in the attack β and specific concerns have arisen about emails exchanged between analysts and congressional offices. It is likely that a breach could reveal economic forecasts, draft reports, personal contact details and political plans.
Such incidents are unfortunately all too common, and critical infrastructure comes under almost continual attack, both from private hackers and state-backed attackers β with the intent of data exfiltration, espionage, disruption, or, occasionally, for profit.
“The incident is under investigation and Congress’s work continues. Like other government agencies and private sector entities, CBO occasionally faces threats to its network and continually monitors to respond to these threats,” the statement continued.
This is not the first time that a department of Congress has been targeted. In late 2024, U.S. congressional staff were exposed in a Library of Congress email hack that compromised nearly a year of correspondence between legislative staff and researchers in what was termed a “foreign adversary” incident.
Although these are small-scale attacks that do not result in dramatic takeovers or shutdowns of government institutions, these incidents could provide foreign adversaries with valuable information about upcoming policies, economic expectations, or even access to networks. Access to internal communications could lead to sophisticated social engineering attacks targeting employees, leading to even more serious incidents.
Via NextGov
The best identity theft protection for every budget
