The US Library of Congress reports breach of email communications

The Library of Congress (LOC) is reporting a significant security breach involving their email systems. The Library of Congress is the primary research library serving the US Congress and functioning as the de facto national library of the United States.

The incident  impacted email communications between congressional offices and library staff, including the Congressional Research Service (CRS). The unauthorized access occurred over a nine-month period, from January to September 2024, with the compromise being attributed to an alleged foreign adversary.

The Library of Congress explicitly claims that House and Senate email networks, as well as the U.S. Copyright Office systems, remained unaffected by this incident.

The Library has confirmed they have implemented measures to address the vulnerability that enabled the breach and taken additional steps to prevent similar incidents from occurring in the future. They have also notified relevant law enforcement agencies and launched an investigation to determine the full scope of compromised communications

The exact number of affected individuals has not been disclosed. Similarly, the identity or origin of the foreign adversary is not revealed.