Library of Congress says it stopped a sophisticated cyber intruder; committee urges continued vigilance

Librarian of Congress Dr. Carla Hayden told the House Committee on House Administration that a sophisticated cyber breach affecting Library of Congress email accounts and communications was identified and mitigated last year with outside partners and law enforcement.

Asked about high-level lessons from the incident, Chairman Neal noted the breach "compromised the content of several emails from members of Congress and their staff" and asked what takeaways the committee should draw. Dr. Hayden thanked the committee for its support and described a rapid response that included coordination with Microsoft and other legislative-branch partners. "We were able to stop the threat actor," she said, and the library followed up with additional investigation.

Hayden told members the library uncovered an "extremely sophisticated cyber breach" and said the library conducted an initial remediation and is pursuing a second, separate cybersecurity investigation. She described plans to strengthen ongoing defenses and suggested the library will consider regular, perhaps annual, cybersecurity-focused reviews rather than only reacting to incidents.

Committee members expressed appreciation for the library's cooperation with federal partners and pressed the library to continue improvements in detection, mitigation and reporting. Dr. Hayden said the library intends to maintain continual cybersecurity efforts and not restrict reviews to post-incident responses.

No formal actions or votes were taken at the hearing related to cybersecurity; members said they expect written follow-up and continued information-sharing with library leadership and law enforcement.