A federal agency that supplies budget and economic information to Congress has suffered a cybersecurity incident, reportedly at the hands of a suspected foreign party.
A spokesperson for the Congressional Budget Office (CBO) acknowledged the incident Thursday after The Washington Post reported that the office was hacked, with the attackers potentially accessing communications between lawmakers and researchers at the agency.
“The Congressional Budget Office has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems going forward,” said the CBO spokesperson, Caitlin Emma.
Congress established the office in 1974 to serve as a nonpartisan research organization for the legislative branch. Republicans took aim at the CBO this year when it assessed that a GOP tax and spending policy bill would add trillions to the national debt, prompting conservatives to criticize its conclusions.
It’s not unprecedented for unauthorized parties to obtain access to sensitive information from congressional offices. Hackers who broke into the Library of Congress last year were able to read email correspondence with offices on Capitol Hill. And breach of a health insurance marketplace two years ago exposed the data of House staffers.
The CBO says it has 275 staffers. It requested a budget of $76 million for fiscal 2026, an 8% increase. Nearly half of the increase would “address increased costs to enhance the agency’s cybersecurity and IT infrastructure; such improvements are critical to protecting sensitive data and improving the agency’s computing power for analyzing complex data sets,” according to that request.
The Post reported that officials believe they caught the intrusion early.
“The incident is being investigated and work for the Congress continues,” Emma said. “Like other government agencies and private sector entities, CBO occasionally faces threats to its network and continually monitors to address those threats.”
Greg Otto contributed reporting to this story.