Hackers breach Library of Congress’ congressional research service emails in a cyberattack

In a significant cybersecurity breach, email correspondence between staff at the Library of Congress’ Congressional Research Service (CRS) and congressional legislative staff has been compromised by what officials describe as a “foreign adversary.” The attack, which occurred between January and September 2024, has raised concerns due to the sensitive nature of the communications involved.

While the exact volume and contents of the compromised emails remain unclear, the CRS’s role as a nonpartisan research institution serving Congress amplifies the severity of the breach. In 2023 alone, the CRS handled over 76,000 inquiries, offering policy and legal analysis to congressional committees. The potential exposure of preliminary legislative proposals, policy ideas, and staff opinions could significantly affect national security and legislative confidentiality.

The CRS’s unique position as a trusted advisory body makes it an attractive target for cyber espionage. Reports suggest the breach may have allowed hackers to gather intelligence on U.S. legislative processes. Fortunately, the U.S. Copyright Office, also housed within the Library of Congress, was unaffected by the attack.

The attack is attributed to a “foreign adversary,” though officials have yet to identify the specific nation-state actor involved. Given the recent uptick in cyberattacks from Iran, Russia, China, and North Korea, investigators are expected to scrutinize these nations closely. The breach coincides with heightened cybersecurity risks in the lead-up to the 2024 U.S. elections.