The United States Congressional Budget Office (CBO), known for providing impartial financial and economic analysis to lawmakers, has confirmed a major cybersecurity breach that shook Capitol Hill in early November 2025. The nonpartisan agency, established in 1974, plays a vital role in shaping the fiscal direction of the federal government by assessing the cost and impact of proposed legislation. The revelation of a potential foreign intrusion into its digital systems has triggered widespread concern over the security of sensitive government data and the broader readiness of U.S. federal networks to counter such attacks. This incident arrives at a time when government cybersecurity infrastructure is stretched thin due to an ongoing shutdown that has disrupted many protective operations across agencies.
The CBO first detected signs of unauthorised access in early November, between the 1st and 4th. Preliminary assessments indicated that internal communications, including email exchanges and chat logs between CBO staff and congressional offices, may have been compromised. These digital records often contain confidential fiscal data, draft analyses, and budgetary discussions used to prepare cost estimates for bills before Congress. Such information is not only politically sensitive but also economically valuable, as it can influence market expectations and policy debates. The agency’s internal cybersecurity teams moved quickly to investigate the breach and isolate affected systems before the matter became public.
On November 4 and 5, the Senate Sergeant at Arms, responsible for overseeing security for the Senate, sent out alerts to multiple congressional offices about the breach. Officials warned that some of the compromised accounts might be used for phishing attempts, including deceptive emails or voice messages designed to trick recipients into revealing further information. Offices were instructed to verify all communications that appeared to come from the CBO and avoid sharing confidential materials through those channels until further notice. The alerts also mentioned that some office chat logs might have been exposed, raising additional privacy concerns for both staff and lawmakers.
The breach was officially confirmed by the CBO on November 6, 2025. In a public statement, the agency said it had acted swiftly to contain the intrusion and that new layers of monitoring and security controls were being introduced. The agency emphasised that despite the incident, its work for Congress was continuing without interruption. A spokesperson for the CBO, Caitlin Emma, told reporters that the agency had deployed “enhanced security protocols” and that the investigation was ongoing. Media outlets, including Reuters, the Associated Press, and the Washington Post, soon began reporting that a suspected foreign actor, possibly backed by a state entity, was behind the intrusion.
By November 7, several reports indicated that the attack had not been fully neutralised. Politico stated that the breach might still be “live,” suggesting that the intruder could still have access to parts of the network or data caches. In response, staff from the Library of Congress were warned to exercise caution when handling any communication from CBO accounts. Some offices even suspended direct electronic contact with the agency until cybersecurity experts completed their review. The Washington Post quoted sources suggesting that the attack bore similarities to previous state-sponsored operations targeting federal institutions.
The details of the breach point to a carefully executed infiltration. Experts believe that phishing emails or the exploitation of unpatched software vulnerabilities could have been used to gain initial access. Once inside, attackers may have planted persistent tools, often called backdoors, that allow continued entry even after detection. While the CBO has not disclosed the full scope of data exposure, the compromised materials are believed to include draft legislative cost estimates and early-stage economic projections. These datasets could be used for manipulation or to shape foreign strategies in trade, energy, and financial markets.
U.S. officials have not made a formal attribution, but multiple sources have suggested a link to Chinese hackers. CNN cited a government insider familiar with the investigation who claimed the breach fit a known pattern of Chinese cyber espionage focused on U.S. government institutions. In recent years, similar attacks have targeted the Library of Congress and other federal databases. The suspected motive ranges from gathering intelligence on U.S. policy to influencing economic decision-making indirectly. No hacking group has publicly claimed responsibility for the incident, reinforcing suspicions of a state-directed operation.
CBO’s internal response was swift but constrained by external factors. The agency’s cybersecurity division isolated affected systems, rolled out new firewalls, and imposed stricter access protocols. The spokesperson reaffirmed that CBO’s “work for Congress continues uninterrupted,” emphasising that critical economic reports and budget projections remained on schedule. Unlike the Cybersecurity and Infrastructure Security Agency (CISA), which furloughed over two-thirds of its staff during the ongoing government shutdown, the CBO did not lay off or suspend employees during its containment phase.
Congressional offices responded with caution and urgency. The Senate Sergeant at Arms continued issuing advisories to verify communications, while House Homeland Security Chairman Andrew Garbarino reached out to CISA for additional technical support. The Senate Budget Committee staff also confirmed heightened monitoring across shared systems but stated that disruptions to day-to-day operations were minimal. The situation, however, exposed how dependent congressional workflows have become on interlinked digital platforms, making even a single breach capable of creating cascading risks across multiple agencies.
The breach’s timing added to the concern. The federal government has been in the midst of a prolonged 37-day shutdown, the longest in U.S. history, leaving many cybersecurity functions underfunded or suspended. CISA, a key defender of federal digital infrastructure, has been operating with only 33% of its staff active, severely limiting its capacity to respond to nationwide threats. Acting Federal Chief Information Security Officer Mike Duffy’s team is said to be prioritising “high-impact intrusions,” with the CBO breach now ranking among the most serious. Experts have warned that proposed budget cuts under the new administration, particularly a 20% reduction in cybersecurity spending, could further weaken defence mechanisms across departments.


