The Congressional Budget Office confirms it was hacked

The US Congressional Budget Office confirmed that it had been hacked.

The agency is investigating the breach and “identified the security incident, took immediate action to contain it, and implemented additional monitoring and new security controls to further protect the agency’s systems moving forward,” CBO spokeswoman Caitlin Emma told TechCrunch on Friday.

CBO is a nonpartisan agency that provides economic analysis and cost estimates to lawmakers during the federal budget process, including after legislative bills are approved at the committee level in the House and Senate.

On Thursday, The Washington Post, which revealed for the first time The hack reported that unspecified foreign hackers were behind the hack. According to the newspaper, CBO officials are concerned that hackers have accessed internal emails and chat logs, as well as communications between lawmakers’ offices and CBO researchers.

Reuters I mentioned The Senate Sergeant at Arms, the Senate’s law enforcement agency, notified congressional offices of the breach, warning them that emails between the CBO and the offices could have been compromised and used to craft and send phishing attacks.

It is unclear how the hackers gained access to the CBO network. But shortly after news of the hack spread, security researcher Kevin Beaumont said books Bluesky suspects that the hackers may have exploited CBO’s legacy Cisco firewall to break into the agency’s network.

Last month, Beaumont noted that the CBO had a Cisco ASA firewall on its network that was last patched in 2024. At the time of publication, the CBO’s firewall was allegedly vulnerable to the breach A series of newly discovered security bugs, Which was exploited by hackers suspected of being supported by the Chinese government.

Beaumont said the CBO’s firewall had not been patched by the time the federal government shutdown went into effect on October 1.

Thursday, Beaumont He said The firewall is now offline.

A spokesman for the Congressional Budget Office declined to comment when asked about Beaumont’s findings. Cisco spokespersons did not immediately respond to a request for comment.