A sophisticated cyber attack targeting the Library of Congress has compromised months of sensitive email communications between congressional offices and library staff, officials revealed this week.
The breach, carried out by an unidentified foreign adversary, gave hackers access to email exchanges that occurred between January and September 2023. The compromised communications included correspondence with the Congressional Research Service, which provides vital policy and legal analysis to legislative committees.
The Library of Congress notified congressional oversight committees about the incident on Thursday. While the full scope remains under investigation, the hackers potentially viewed confidential legislative proposals and policy discussions still in early development stages.
"The Library has mitigated the vulnerability that the adversary used to access these emails and has taken measures to prevent such incidents in the future," said Bill Ryan, the library's communications director, in a statement. The matter has been referred to law enforcement for investigation.
Officials emphasized that the core House and Senate email networks were not compromised in the attack. The U.S. Copyright Office systems also remained secure. The Library is currently analyzing which specific email communications were accessed and will notify impacted congressional staff members.
The incident comes amid heightened concerns about foreign cyber espionage targeting U.S. government institutions. While the identity of the attackers remains unknown, Russia, China, Iran and North Korea are considered among the primary suspects given their history of sophisticated cyber operations against American targets.
The Library of Congress serves as the research arm for Congress and the de facto national library of the United States. As the world's largest library, it plays a central role in supporting the legislative process and preserving America's cultural heritage.
The breach underscores ongoing cybersecurity challenges faced by government institutions as they work to protect sensitive communications from increasingly advanced foreign threats. Officials indicate they are implementing additional security measures in response to this incident.