Congressional Budget Office reports cyberattack exposing sensitive communications and economic data

The Congressional Budget Office, responsible for providing objective economic analysis to support lawmakers during the budget process, reports that it had been compromised in a cybersecurity incident that potentially exposed sensitive government communications and legislative research data. 

The breach is apparently ongoing as of the time of initial public notification. It's suspected to have been perpetrated by Chinese state-backed hackers.

The security breach was first reported by The Washington Post on November 6, 2025, citing four anonymous individuals with knowledge of the situation who identified the suspected foreign actor behind the intrusion. CNN obtained an internal email that had been distributed earlier in the week by the Senate Sergeant at Arms to congressional staff members, warning them about the active security incident. The email explicitly advised staffers to avoid clicking on any links sent from Congressional Budget Office email accounts because those accounts might still be compromised by the attackers.

The compromised data reportedly includes:

• Private communications between congressional offices and CBO staff regarding economic analyses and legislative proposals
• Internal email correspondence containing fiscal projections and policy evaluations
• Office chat logs and instant messaging conversations
• Key financial research data used to inform legislative decisions
• Non-public information about legislation in various stages of development, including national security-related bills
• Long-term budget projections and economic forecasts
• Analysis of sensitive policy issues including immigration enforcement, international trade, tax policy, and federal spending priorities

The nature of the attack and number of affected individuals is not disclosed.

CBO spokesperson Caitlin Emma issued a formal statement on Thursday 6th of November confirming the cyberattack. Emma emphasized that "the incident is being investigated and work for the Congress continues," attempting to reassure lawmakers and the public that the agency remains operational and capable of fulfilling its statutory responsibilities despite the ongoing security crisis.