Congressional Budget Office confirms it was hacked

The U.S. Congressional Budget Office (CBO) has officially acknowledged a security breach within its systems. In a statement to TechCrunch, spokesperson Caitlin Emma disclosed that the agency is actively investigating the incident. Immediate measures have been enacted to contain the breach, alongside enhancements in monitoring and security protocols aimed at fortifying the agency against future threats. The CBO, known for its nonpartisan role in providing economic analysis and cost estimates to lawmakers throughout the federal budget process, faces significant challenges in the wake of this incident. Reports from The Washington Post, which first broke the news, indicate that foreign hackers are believed to be responsible for the breach. CBO officials are particularly concerned that internal communications, including emails and chat logs between lawmakers and CBO researchers, may have been compromised. In response to the situation, the Senate Sergeant at Arms, the law enforcement authority for the Senate, has alerted congressional offices about the breach. They warned that the hackers could have utilized the compromised emails to execute phishing attacks. The method through which the hackers infiltrated the CBO's network remains unclear. However, cybersecurity expert Kevin Beaumont suggested on Bluesky that vulnerabilities in the CBO’s outdated Cisco firewall might have facilitated the intrusion. Beaumont pointed out that the firewall had not received updates since 2024 and was exposed to several newly identified security vulnerabilities, which are reportedly being exploited by hackers potentially linked to the Chinese government. Notably, the firewall was still unpatched when the federal government shutdown commenced on October 1. As of Thursday, Beaumont noted that the compromised firewall has been taken offline. When approached for comment regarding these claims, the CBO’s spokesperson refrained from providing further details, and inquiries directed to Cisco representatives went unanswered.