The U.S. Congressional Budget Office (CBO) has confirmed that its internal systems were hacked, marking one of the most serious cyber incidents to hit a nonpartisan federal agency in recent years.

In a brief statement released Friday, the CBO acknowledged a “cybersecurity incident impacting its network infrastructure,” but declined to provide details on the source, motive, or scale of the breach.

“We are aware of unauthorized activity on our systems and are working with federal partners to investigate,” a CBO spokesperson said. “Our focus is on securing our networks and ensuring continued operations.”

What We Know So Far

The CBO, which provides economic and budgetary analysis to Congress, plays a crucial role in evaluating legislation and producing cost projections that influence U.S. fiscal policy.

While officials did not specify what data was compromised, cybersecurity experts warn that the office’s servers hold sensitive information — including draft budget reports, communications with lawmakers, and confidential economic forecasts.

According to early reports cited by TechCrunch, the breach was detected earlier this week after “unusual data access patterns” were flagged by an internal monitoring tool.

The agency has since taken portions of its internal network offline, and is coordinating with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI’s Cyber Division to trace the intrusion.

Federal Response and Possible Links

A CISA official, speaking on background, said the investigation is “active and sensitive,” noting that the agency has observed a recent uptick in targeted intrusions against U.S. legislative and research bodies.

While no specific group has claimed responsibility, early indicators suggest a state-linked espionage operation rather than a financially motivated attack.

“This is the kind of target foreign intelligence services value — insight into budget priorities, defense allocations, and long-term fiscal strategy,” said Theresa Payton, former White House CIO and CEO of Fortalice Solutions.

Payton added that even temporary access to budget projections could offer geopolitical adversaries leverage in trade or defense negotiations.

Why It Matters

Though the CBO is not an executive agency, its data feeds into White House and Treasury planning models, meaning any compromise could have downstream effects on national fiscal coordination.

The incident also comes amid growing concern about cyber intrusions in government supply chains. Just weeks ago, the Department of Energy confirmed a breach tied to a third-party software vendor — part of a continuing wave of attacks exploiting U.S. public-sector networks.

Cybersecurity analysts have pointed out that the CBO’s limited IT budget and small in-house security team make it especially vulnerable compared to larger federal departments.

“Research agencies are soft targets with valuable information,” said Allan Liska, threat intelligence analyst at Recorded Future. “They have access to legislative data but none of the defense infrastructure to protect it.”

The Bigger Picture

The breach underscores the persistent vulnerability of U.S. government institutions, even after years of investment in federal cybersecurity modernization programs.

Congress is expected to request a closed-door briefing from CISA Director Jen Easterly and FBI cyber officials early next week to determine whether the attack was part of a broader campaign against U.S. agencies.

Lawmakers from both parties have already called for a review of the CBO’s digital defenses, warning that the incident could expose not just sensitive documents but lawmakers’ private communications and legislative drafts.

“This is not just about budgets — it’s about the integrity of our policymaking process,” said Sen. Mark Warner, chair of the Senate Intelligence Committee.