Advertisement

The votes are in for the 2025 FedScoop.

See the winners!
  • The Daily Scoop Podcast

The Congressional Budget Office hit by a security incident

A federal agency that supplies budget and economic information to Congress has suffered a cybersecurity incident, reportedly at the hands of a suspected foreign party. A spokesperson for the Congressional Budget Office (CBO) acknowledged the incident Thursday after The Washington Post reported that the office was hacked, with the attackers potentially accessing communications between lawmakers and researchers at the agency. CBO spokeswoman Caitlin Emma said: “The Congressional Budget Office has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems going forward.” Congress established the office in 1974 to serve as a nonpartisan research organization for the legislative branch. Republicans took aim at the CBO this year when it assessed that a GOP tax and spending policy bill would add trillions to the national debt, prompting conservatives to criticize its conclusions. It’s not unprecedented for unauthorized parties to obtain access to sensitive information from congressional offices. Hackers who broke into the Library of Congress last year were able to read email correspondence with offices on Capitol Hill. And a breach of a health insurance marketplace two years ago exposed the data of House staffers.

The Trump administration’s ongoing decimation of the Consumer Financial Protection Bureau has rendered the agency’s overall information security program ineffective, a federal watchdog revealed Monday. In an audit of CFPB’s cybersecurity program, the Federal Reserve’s Office of Inspector General found that the agency is no longer keeping up with its authorizations to operate many systems, and is “using risk acceptance memorandums without a documented analysis of cybersecurity risks.” As a result of those floundering protocols, the Fed OIG said the CFPB’s overall information security program has declined to level-2 maturity (defined) in fiscal 2025, down from level-4 (managed and measurable), and overall is not effective. Backsliding on these security measures can be at least partially attributed to a loss of contractor support for continuous security monitoring and testing, per the audit, as well as the mass exodus under the Trump administration of CFPB staff.

The Daily Scoop Podcast is available every Monday-Friday afternoon.

If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple PodcastsSoundcloudSpotify and YouTube.

Monday through Friday

The Daily Scoop Podcast

We discuss the latest news and trends facing government leaders on such topics as technology, management and workforce. The program will explore headlines of the day as well as in depth discussions with top executives in both government and industry.

Related Podcasts

See All Podcasts
Advertisement