
Congressional Budget Office Hit by Cyberattack During Shutdown

The CBO breach exposes how the government shutdown is weakening federal cybersecurity defenses when they’re needed most.

Written By
Ken Underhill
Nov 7, 2025

The U.S. Congressional Budget Office (CBO), the nonpartisan federal agency responsible for providing economic and budgetary analysis to Congress, has confirmed it was the target of a cybersecurity breach. 

The incident, disclosed on November 6, 2025, underscores growing concerns about the vulnerability of government networks — particularly as the ongoing federal government shutdown limits cybersecurity operations and delays critical updates across agencies.

CBO Confirms the Breach

According to a statement shared with Reuters, the CBO identified a “security incident,” took immediate action to contain the breach, and implemented “additional monitoring and new security controls” to protect its systems.

The agency did not specify the nature of the breach or identify the perpetrators but noted that its work for Congress continues uninterrupted.

Officials expressed concern that the attackers may have accessed internal emails, chat logs, and interoffice communications connected to budget research and cost estimates.

The CBO emphasized that, like other federal and private entities, it faces “ongoing network threats” and maintains active monitoring systems. 

However, the breach represents one of the most significant cybersecurity incidents involving a key legislative support agency in recent years — potentially exposing confidential fiscal data and early drafts of legislative cost analyses.

Phishing the Halls of Congress

The Senate Sergeant at Arms (SAA), which oversees cybersecurity for the upper chamber of Congress, notified multiple congressional offices about the incident. 

According to a notification reviewed by Reuters, officials warned that email exchanges between the CBO and Senate offices may have been exposed to hackers, increasing the risk of targeted phishing campaigns masquerading as legitimate CBO communications.

Cybersecurity professionals cautioned that such exposure could allow adversaries to craft convincing spear-phishing emails using authentic-looking correspondence, potentially giving attackers deeper access to congressional systems.

When Patching Falls Behind

Independent security researcher Kevin Beaumont suggested that the breach may have originated from an outdated Cisco ASA firewall within the CBO’s network. 

In a series of posts on Bluesky, Beaumont noted that the agency’s firewall — visible through public internet scans — had not been patched since 2024 and was vulnerable to known Cisco exploits used by suspected Chinese government-backed hackers.

Beaumont first raised concerns in October, just before the federal government shutdown took effect. 

At that time, he noted that the CBO’s firewall had missed multiple critical patches. He later confirmed that the firewall had since gone offline, though it remains unclear whether that action was taken as part of the containment effort following the breach.

Cisco has not publicly commented on the reports, and the CBO declined to address whether its firewall played a role in the incident. 

However, the timing of the breach — amid limited IT staffing and budget freezes tied to the government shutdown — has fueled speculation that resource constraints may have delayed essential security updates.

Cyber Defenses on Pause

The breach highlights the broader cybersecurity risks faced by federal agencies during extended funding lapses. 

When the government shuts down, thousands of civilian cybersecurity employees are furloughed, and routine patching, threat monitoring, and system maintenance are often suspended or delayed.

The consequences of the government shutdown are real — a friend working for a government contractor said their entire network security team was laid off just weeks into the shutdown, leaving critical systems without proper protection.

This incident adds to growing concern among lawmakers that cybersecurity readiness is being compromised at a time when foreign intrusion attempts are becoming more sophisticated and persistent.

Rebuilding Cyber Resilience

In the wake of the CBO attack, there should be renewed focus on cyber resilience and resource allocation for federal IT systems. 

Recommendations include securing emergency cybersecurity funding during shutdowns, implementing automated patching where feasible, and expanding continuous monitoring capabilities even during operational disruptions.

The CBO continues to coordinate with federal cybersecurity authorities to assess the scope of the incident and restore full system integrity. 

While no direct evidence of data theft has been publicly confirmed, the event serves as a stark reminder that critical institutions remain prime targets for sophisticated cyber operations — especially when political gridlock weakens their defenses.

 
