Congressional Budget Office Company CyberSecurity Posture

cbo.gov
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Since its founding in 1974, the Congressional Budget Office (CBO) has produced independent analyses of budgetary and economic issues to support the Congressional budget process. The agency is strictly nonpartisan and conducts objective, impartial analysis, which is evident in each of the dozens of reports and hundreds of cost estimates that its economists and policy analysts produce each year. All CBO employees are appointed solely on the basis of professional competence, without regard to political affiliation. CBO does not make policy recommendations, and each report and cost estimate discloses the agency’s assumptions and methodologies. All of CBO’s products – apart from informal cost estimates for legislation being developed privately by Members of Congress or their staffs – are available to the Congress and the public on CBO’s website. For more information on career opportunities at CBO, please visit www.cbo.gov/about/careers. CBO is an equal opportunity employer committed to diversity. CBO encourages women, minorities, people with disabilities, and veterans to apply.

Congressional Budget Office A.I CyberSecurity Scoring

CBO

Company Details

Linkedin ID:

congressional-budget-office

Website:

https://www.cbo.gov/

Employees number:

274

Number of followers:

6,165

NAICS:

92

Industry Type:

Government Administration

Homepage:

cbo.gov

IP Addresses:

Scan still pending

Company ID:

CON_1385083

Scan Status:

In-progress

AI scoreCBO Risk Score (AI oriented)

Between 550 and 599

https://images.rankiteo.com/companyimages/congressional-budget-office.jpeg
CBO Government Administration
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreCBO Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/congressional-budget-office.jpeg
CBO Government Administration
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Congressional Budget Office

Very Poor
Current Score
578
Ca (Very Poor)
01000
5 incidents
-45.5 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
578
NOVEMBER 2025
644
Breach
07 Nov 2025 • Congressional Budget Office (CBO)
Cybersecurity Breach at the Congressional Budget Office (CBO) by Suspected Foreign Threat Actor

The **Congressional Budget Office (CBO)**, a critical U.S. legislative agency responsible for independent financial analysis and budget scoring, suffered a **sophisticated cyber breach** by a suspected foreign threat actor. The intrusion compromised **sensitive communications**, including internal emails and chat logs between lawmakers’ offices and CBO researchers, risking exposure of confidential legislative deliberations and economic projections that shape federal policy. While detected early, the breach disrupted operations, prompting some congressional offices to **halt email correspondence** with the CBO, delaying budget analyses and legislative scoring.The attack threatens the **integrity of U.S. legislative processes**, particularly amid partisan disputes over debt projections. The suspected state-sponsored nature of the breach suggests a targeted effort to influence or surveil **federal financial policymaking**, with potential long-term implications for national security. Though containment measures were implemented, the incident highlights vulnerabilities in **government cybersecurity defenses** against advanced persistent threats (APTs), raising concerns about the protection of classified legislative data and the broader stability of U.S. institutional trust.

575
critical -69
CON5793057110725
Incident Details -
Type
cyber intrusion data breach advanced persistent threat (APT)
Motivation
espionage influence on U.S. legislative/financial policy access to sensitive budget analyses
Impact
sensitive communications internal emails office chat logs between congressional staff and CBO researchers CBO internal networks email systems communication platforms suspension of email correspondence between congressional offices and CBO disruptions to legislative scoring and budget analysis delays in supporting lawmakers with timely financial assessments potential erosion of trust in CBO's analytical independence concerns over data security in legislative processes
Response
immediate containment actions isolation of affected systems implementation of additional security monitoring enhanced controls public statement by CBO spokeswoman Caitlin Emma notifications to lawmakers
Data Breach
sensitive communications internal emails office chat logs Sensitivity Of Data: high (legislative and budgetary deliberations) Data Exfiltration: suspected (not confirmed)
Lessons Learned
heightened cybersecurity vulnerabilities in federal legislative infrastructure need for robust protections against advanced persistent threats (APTs) importance of early detection in limiting breach scope
Recommendations
strengthen cybersecurity defenses for legislative agencies enhance monitoring of communications between lawmakers and analytical bodies review access controls for sensitive budgetary data improve incident response coordination with congressional stakeholders
Investigation Status
['ongoing']
Stakeholder Advisories
notifications to congressional offices suspension of email correspondence with CBO
Initial Access Broker
sensitive communications between lawmakers and CBO budget analysis data legislative scoring documents
Post Incident Analysis
additional security monitoring enhanced controls review of cybersecurity protocols
References
Blog URL Source URL
OCTOBER 2025
643
SEPTEMBER 2025
641
AUGUST 2025
638
JULY 2025
636
JUNE 2025
633
MAY 2025
649
Cyber Attack
01 May 2025 • Congressional Budget Office (CBO)
Suspected Cyberattack on the Congressional Budget Office (CBO) by Foreign Actors

The **Congressional Budget Office (CBO)**, a nonpartisan U.S. government agency responsible for critical financial analyses, suffered a **sophisticated cyber breach by suspected foreign actors**. The attack exposed **sensitive financial research data**, including budget projections, economic models, and legislative cost estimates—information vital for congressional decision-making affecting millions of Americans.The compromised data could provide foreign adversaries with **insights into U.S. fiscal planning and legislative priorities**, potentially influencing policy outcomes. While the exact scope of the breach remains undisclosed, the CBO confirmed unauthorized access to its systems, prompting an immediate federal investigation. The incident underscores persistent vulnerabilities in **high-value government infrastructure**, with state-sponsored hackers increasingly targeting agencies holding strategic intelligence.Authorities are assessing the full impact, but the breach aligns with a broader trend of cyberattacks on U.S. government entities, raising concerns over **cybersecurity inadequacies in protecting national interests**. The CBO is collaborating with federal cybersecurity officials to mitigate risks and prevent future intrusions, though no attacker details or methods have been publicly revealed. The breach may accelerate calls for **enhanced security funding and stricter data-handling protocols** across government agencies.

627
critical -22
CON0232102110725
Incident Details -
Type
cyberattack data breach unauthorized access
Motivation
espionage access to U.S. fiscal planning and legislative priorities geopolitical advantage
Impact
sensitive financial research data economic models budget analysis legislative cost estimates CBO databases internal systems potential disruption to legislative decision-making compromised confidentiality of fiscal analyses potential erosion of trust in CBO's data security concerns over government cybersecurity adequacy
Response
federal cybersecurity officials investigation to determine breach extent preventive measures for future incidents official statement via agency spokeswoman media disclosure
Data Breach
financial research data economic models budget analysis legislative cost estimates Sensitivity Of Data: high (influences U.S. fiscal and legislative decisions)
Lessons Learned
Government agencies remain high-value targets for state-sponsored cyber threats. Critical financial and legislative data requires robust cybersecurity protections. Proactive measures (e.g., funding for security upgrades, stricter protocols) are essential to mitigate risks.
Recommendations
Allocate additional funding for cybersecurity upgrades in government agencies. Implement stricter protocols for handling sensitive financial data. Enhance collaboration with federal cybersecurity officials for threat detection and response. Conduct regular security audits and penetration testing for critical systems. Increase training for employees on recognizing and responding to cyber threats.
Investigation Status
['ongoing (authorities and federal cybersecurity officials involved)']
Initial Access Broker
financial research databases economic models budget analyses
Post Incident Analysis
collaboration with federal cybersecurity officials potential security upgrades review of existing protocols
References
Blog URL Source URL
APRIL 2025
649
MARCH 2025
647
FEBRUARY 2025
644
JANUARY 2025
642
DECEMBER 2024
707
Breach
01 Dec 2024 • U.S. Congressional Budget Office (CBO)
U.S. Congressional Budget Office (CBO) Cyber Breach by Suspected Foreign Actor

The U.S. Congressional Budget Office (CBO) suffered a cyber breach by a suspected foreign actor, potentially exposing internal communications, research, and email/chat logs used to guide federal legislation. The incident, discovered recently, is under federal investigation due to concerns over unauthorized access to sensitive interactions between lawmakers and CBO analysts. The CBO confirmed the breach and took immediate containment measures, though the extent of data compromise and the attacker’s identity remain undisclosed. Given the CBO’s role in shaping economic and budgetary policies, the breach poses risks of legislative manipulation or intelligence gathering by state-sponsored actors. The incident echoes a December 2024 attack on the U.S. Treasury via a third-party vendor, though no direct link has been established.

637
critical -70
CON5603756110725
Incident Details -
Type
cyberespionage data breach
Motivation
espionage influence on federal legislation economic intelligence
Impact
internal communications research documents email logs chat logs Brand Reputation Impact: potential erosion of trust in CBO's data security
Response
immediate actions to contain the breach (details undisclosed) brief public statement confirming the incident
Data Breach
internal communications research documents email logs chat logs Sensitivity Of Data: high (influences federal legislation and financial projections)
Investigation Status
['ongoing (federal authorities investigating)']
Initial Access Broker
internal communications legislative research email/chat logs
References
Blog URL Source URL
JUNE 2024
721
Cyber Attack
16 Jun 2024 • Congressional Budget Office (CBO)
CBO Hit by Suspected Nation-State Cyberattack

The U.S. **Congressional Budget Office (CBO)**, a federal agency responsible for providing nonpartisan economic and budgetary analysis to Congress, suffered a **suspected nation-state cyberattack**. The breach, detected recently, prompted immediate containment measures, including enhanced monitoring and new security controls. While details remain undisclosed, the attack may have exploited a **firewall vulnerability** in an unpatched Cisco ASA device, rendering the network security system unreachable.The CBO handles highly sensitive fiscal data, including economic projections and legislative cost estimates, which could provide foreign adversaries with strategic insights into U.S. policy priorities. The incident follows a pattern of targeted attacks on congressional entities, such as the 2024 breach of the **Library of Congress**, where hackers accessed months of emails tied to draft legislation. The ongoing federal government shutdown has exacerbated vulnerabilities, delaying critical defensive actions like patching and threat intelligence sharing.The full scope of the intrusion—including whether **congressional communications, internal analyses, or budget models** were compromised—remains under investigation. The attack underscores escalating risks to government agencies from **state-sponsored cyber operations**, with potential long-term implications for national security and legislative integrity.

700
critical -21
CON5502155110825
Incident Details -
Type
Cyberwarfare Nation-State Attack Unauthorized Access
Attack Vector
Firewall Exploit (suspected Cisco ASA vulnerability) Potential Email Compromise
Vulnerability Exploited
Unpatched Cisco ASA device (last patched in 2024)
Motivation
Espionage Access to sensitive fiscal/policy data Insight into U.S. legislative priorities
Impact
Potential exposure of sensitive fiscal data Economic projections Budget modeling Possible email correspondence with congressional offices CBO network Cisco ASA firewall device Ongoing investigation Additional monitoring and security controls implemented Work for Congress continues despite intrusion Potential erosion of trust in CBO's cybersecurity posture Concerns over protection of sensitive legislative data
Response
Federal law enforcement (implied, as investigation is ongoing) Immediate action to contain the incident Network segmentation (implied by 'unreachable' firewall) Additional monitoring New security controls implemented Public disclosure via emailed statement Limited details shared to avoid compromising investigation
Data Breach
Sensitive fiscal data Economic projections Budget modeling Potential email correspondence Sensitivity Of Data: High (nonpublic legislative analysis, policy discussions)
Regulatory Compliance
Likely notifications to oversight bodies (e.g., Congress, DHS CISA)
Investigation Status
['Ongoing (led by CBO with potential federal law enforcement involvement)']
Stakeholder Advisories
Congressional offices likely notified
Initial Access Broker
Firewall exploit (Cisco ASA) Potential phishing/email compromise Fiscal data Legislative communications Economic projections
Post Incident Analysis
Unpatched firewall (Cisco ASA) Potential delays due to government shutdown (implied) Additional monitoring New security controls Patch management review (implied)
References
Blog URL Source URL
JUNE 2021
761
Breach
16 Jun 2021 • U.S. Congressional Budget Office (CBO)
Cybersecurity Incident at U.S. Congressional Budget Office (CBO)

The U.S. Congressional Budget Office (CBO) suffered a cybersecurity breach by a suspected foreign hacker, potentially exposing sensitive internal communications and data. The intrusion, detected recently, raised concerns over the exposure of emails and exchanges between congressional offices and CBO analysts. While officials claim the breach was contained early, some congressional offices temporarily halted communications with the CBO due to security fears. The CBO, a nonpartisan agency providing economic analysis and legislative cost estimates, could have had draft reports, economic forecasts, and internal discussions compromised. The attack aligns with a broader trend of cyber incidents targeting U.S. government agencies, including prior breaches at the Treasury Department and the Committee on Foreign Investment in the United States (CFIUS), attributed to the Chinese state-sponsored APT group *Silk Typhoon*. This group previously exploited the *ProxyLogon* zero-day vulnerabilities in Microsoft Exchange Server in 2021, compromising tens of thousands of systems.

687
critical -74
CON3362133110725
Incident Details -
Type
Data Breach Unauthorized Network Access Espionage
Attack Vector
Network Intrusion Potential Exploitation of Zero-Day or Known Vulnerabilities
Motivation
Espionage Data Theft Intelligence Gathering
Impact
Emails Exchanges between congressional offices and CBO analysts Draft reports Economic forecasts Internal communications CBO Network Temporary halt of email communications between some congressional offices and the CBO Ongoing investigation Potential erosion of trust in CBO's ability to secure sensitive legislative and economic data
Response
Immediate action to contain the breach Isolation of affected systems (implied) Implementation of additional monitoring New security controls Public statement via spokesperson (Caitlin Emma) Notification to lawmakers Media engagement (e.g., BleepingComputer, The Washington Post)
Data Breach
Emails Internal Communications Draft Legislative Reports Economic Forecasts Analyst Exchanges High (sensitive legislative and economic data) Suspected, but unconfirmed
Investigation Status
Ongoing
Customer Advisories
Some congressional offices halted emails with CBO as a precaution
Stakeholder Advisories
Notification to lawmakers about potential exposure of communications
Initial Access Broker
Legislative data Economic analysis Internal communications
Post Incident Analysis
Additional monitoring New security controls
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Congressional Budget Office is 578, which corresponds to a Very Poor rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 644.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 643.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 641.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 638.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 636.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 633.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 627.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 649.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 647.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 644.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 642.

Over the past 12 months, the average per-incident point impact on Congressional Budget Office’s A.I Rankiteo Cyber Score has been -45.5 points.

You can access Congressional Budget Office’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/congressional-budget-office.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Congressional Budget Office’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/congressional-budget-office.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.