On April 21, 2025, the Oregon Department of Justice’s Privacy Unit reported a “big spike” in complaints about the Department of Government Efficiency (DOGE) in the first quarter of 2025.

The report stated, “Specifically, Oregonians are concerned about how government entities are handling their personal information. As of March 31, 2025, the unit had received more than 250 complaints about DOGE.”

The Oregon Department of Justice has joined other Attorneys General to file suit against the administration, requesting limitations on DOGE’s access to Americans’ personal information, and a court issued an order blocking DOGE’s access to Treasury Department information. Oregonians are not alone in their concern about DOGE’s vast and unrestricted access to personal information. Many states have consumer protection divisions that allow consumers to issue complaints about privacy protections.

If you are concerned about unrestricted access to your personal information by federal government and/or DOGE representatives, consider contacting your state consumer protection division so your voice is heard.

Becker’s Hospital Review reports that the Department of Government Efficiency (DOGE) “has access to sensitive information in 19 HHS databases and systems,” according to a court filing obtained by Wired. HHS provided the information during the discovery process in the lawsuit filed by the American Federation of Labor and Congress of Industrial Organizations against the federal government, requesting restriction of DOGE’s access to federal systems.

According to Becker’s, DOGE had not previously disclosed nine of the 19 systems, which “contain various protected health information, ranging from email and mailing addresses to Social Security numbers and medical notes.”

Some of the systems included federal employees’ data and access to Medicare recipients’ personal information. For instance, one system listed is the Integrated Data Repository Cloud system, which “stores and integrates Medicare claims data with beneficiary and provider data sources.” Other listed systems include the NIH Workforce Analytics Workbench, which “tracks current and historical data on the NIH workforce, including headcounts and retirement information,” the Office of Human Resources Enterprise Human Capital Management Investment system, which “manages personnel actions and employee benefits at HHS,” and the Business Intelligence Information System, which “stores cloud-based HHS human resources and payroll data for analysis and reporting.”

We will continue to follow courts’ analyses and decisions relating to DOGE’s access to sensitive federal employee and individual data.

On February 21, 2025, a federal district court judge from the Southern District of New York issued a preliminary injunction against the Department of Government Efficiency’s (DOGE) access to Treasury Department payment systems, stating access was provided in a “chaotic and haphazard manner.” The order resulted from a suit filed by 19 state Attorneys General against DOGE for unauthorized access to Americans’ data. It prevents anyone affiliated with DOGE from accessing federal payment systems until further order.

According to the 64-page opinion, the judge was critical of the “‘rushed’ process by DOGE to access Bureau of Fiscal Service’s payment systems, which stores the names, Social Security numbers, birth dates, birth places, home addresses and telephone numbers, email addresses, and bank account information of Americans who have transacted with the federal government.”

The District Court also noted that “[t]he record is silent as to what vetting or security clearance process they went through prior to their appointment” and reported being “troubled by the fact that Elez [a DOGE associate] was apparently granted full access to [Bureau of Fiscal Service] systems rather than read-only access, writing that that process was ‘rushed and undertaken under political pressure.’” We have made a similar observation.

The Court requested that the Treasury Department provide a report by March 24, 2025: (1) certifying that the DOGE associates have been vetted, have obtained proper security clearances, and have been properly trained; and (2) setting forth the mitigation measures which have been taken to minimize threats associated with the access, including the reporting chains for DOGE within the Treasury Department. 

The ruling stated that “[t]he process by which the Treasury DOGE Team was appointed, brought on board, and provided with access to [Bureau of the Fiscal Service] payment systems could have been implemented in a measured, reasonable, and thoughtful way. To date, based on the record currently before the Court, it does not appear that this has been the case.”

The Department of Government Efficiency’s (DOGE) staggering unfettered access to all Americans’ personal information is highly concerning. DOGE employees’ access includes databases at the Office of Personnel Management, the Department of Education, the Department of Health and Human Services, and the U.S. Treasury.

If you want more information about the DOGE employees who have access to this highly sensitive data, Wired and KrebsOnSecurity have provided fascinating but disturbing accounts.

Meanwhile, New York and other states have filed suit against DOGE, alleging that the unfettered access to the federal databases is a privacy violation. On February 14, 2025, a New York federal judge found “good cause to extend a temporary restraining order” stopping DOGE employees from accessing U.S. Treasury Department databases. However, the next day, another federal judge in Washington, D.C., denied a request to stop DOGE from accessing the databases of the Department of Labor, the Department of Health and Human Services, and the Consumer Financial Protection Bureau. That means that DOGE employees now have access to the sensitive health and claims information of Medicare recipients, as well as the identities of individuals who have made workplace health and safety complaints. NBC News has reported that “the Labor Department authorized DOGE employees to use software to remotely transfer large data sets.”

Currently, 11 lawsuits have been filed against DOGE over access to sensitive information in federal databases, alleging that the access violates privacy laws. The databases include student loan applications at the Department of Education, taxpayer information at the Department of the Treasury, and the personnel records of all federal employees contained in the database of the Office of Personnel Management, the Department of Labor, the Social Security Administration, FEMA, and USAID.

According to a plaintiff, the potential to misuse Americans’ personally identifiable information “is serious and irrevocable….The risks are staggering: identity theft, fraud, and political targeting. Once your data is exposed, it’s virtually impossible to undo the damage.” We will be closely watching the progress of these suits and urge you to stay informed as we offer insight on their impact on the protection of our personal information.

According to a highly critical article recently published by TechCrunch, the Department of Government Efficiency (DOGE), President Trump’s advisory board headed by Elon Musk, has “taken control of top federal departments and datasets” and has access to “sensitive data of millions of Americans and the nation’s closest allies.” The author calls this “the biggest breach of US government data.” He continues, “[w]hether a feat or a coup (which depends entirely on your point of view), a small group of mostly young, private-sector employees from Musk’s businesses and associates — many with no prior government experience — can now view and, in some cases, control the federal government’s most sensitive data on millions of Americans and our closest allies.”

According to USA Today, “The amount of sensitive data that Musk and his team could access is so vast it has historically been off limits to all but a handful of career civil servants.” The article points out that:

If you received a tax refund, Elon Musk could get your Social Security number and even your bank account and routing numbers. Paying off a student loan or a government-backed mortgage? Musk and his aides could dig through that data, too.

If you get a monthly Social Security check, receive Medicaid or other government benefits like SNAP (formerly known as food stamps), or work for the federal government, all of your personal information would be at the Musk team’s fingertips. The same holds true if you’ve been awarded a federal contract or grant.

Private medical history could potentially fall under the scrutiny of Musk and his assistants if your doctor or dentist provides that level of detail to the government when requesting Medicaid reimbursement for the cost of your care.

A federal judge in New York recently issued a preliminary injunction stopping Musk and his software engineers from accessing the data, despite Musk calling the judge “corrupt” on X. USA Today reports that the White House says Musk and his engineers only have “read-only” access to the data, but that is not very comforting from a security standpoint. The Treasury Department has reportedly admitted that one DOGE staffer, a 25-year-old software engineer, had been mistakenly granted “read/write” permission on February 5, 2025. That is just frightening to me as one who works hard to protect my personal information.

TechCrunch reported that data security is not a priority for DOGE.

“For example, a DOGE staffer reportedly used a personal Gmail account to access a government call, and a newly filed lawsuit by federal whistleblowers claims DOGE ordered an unauthorized email server to be connected to the government network, which violates federal privacy law. DOGE staffers are also said to be feeding sensitive data from at least one government department into AI software.”

We all know that Musk loves AI. We are also well aware of the risks of using AI with highly sensitive data, including unauthorized disclosure and the ability to include it in outputs.

All of this has prompted questions about whether this advisory board has proper security clearance to access our data.

Should you be concerned? Absolutely. I understand the goal of cutting costs. But why do these employees have access to our most private information, including our full Social Security numbers and health information? Do they really need that specific data to determine fraud or overspending?

I argue no. A tenet of data security is proper access controls: having access only to the data needed for business purposes. DOGE’s unfettered access to our highly sensitive information is not limited to only data needed for a specific purpose. The security procedures for accessing the data are in question, and proper security protocols must be followed. According to Senator Ron Wyden of Oregon and Senator Jon Ossoff of Georgia, who is a member of the U.S. Senate Intelligence Committee, this is “a national security risk.” As a privacy and cybersecurity lawyer, I am very concerned. A hearing on an early lawsuit filed to prohibit this unrestricted access is scheduled for tomorrow. We will keep you apprised of developments as they progress.

The Trump administration has systematically fired federal privacy- and security-focused employees since taking office.

Three members of the bipartisan, independent agency, the Privacy and Civil Liberties Oversight Board (which was established by Congress in 2004 “to ensure that the federal government’s efforts to prevent terrorism are balanced with the need to protect privacy and civil liberties”) were fired on January 27, 2025.   

The administration has also fired multiple members of the privacy team and employees who oversee Freedom of Information Act (FOIA) requests from the Office of Personnel Management (OPM), which is the equivalent of the federal government’s human resources department. The firings were discovered when CNN filed a FOIA request with OPM seeking information about the security clearances of Elon Musk and “anyone from the Department of Government Efficiency (DOGE) who has been granted access to sensitive or classified government networks.”

OPM’s response to CNN’s FOIA request, as reported by CNN, was, “Good luck with that they just got rid of the entire privacy team.” In addition to the privacy team and the FOIA response team, the administration fired other members of OPM’s communications staff. Although an OPM official told CNN that the agency did not lay off the entire privacy team, and some of the firings are not effective until April 15, these actions call into question whether OPM can still “ensur[e] the agency’s data privacy practices meet legal requirements and protect the trust of the public” with the sensitive data housed within OPM.

Jonathan Kamens, Information Security Lead at the Department of Veterans Affairs, was also fired. The Associated Press reports that, according to Kamens, sensitive health data of millions of veterans stored on a benefits website is at risk of compromise. Kamens oversaw security for the VA.gov website and was responsible for “securing private health and financial information including bank account numbers and credit card numbers.” According to Kamens, millions use the VA.gov website monthly: “VA.gov has access to a huge number of databases within VA in order to provide all of those benefits and services to veterans, so if that information can’t be kept secure, then all of that information is at risk and could be compromised by a bad actor.” Kamens questioned whether DOGE workers were background-checked to access the data, alleging that “[t]hey’re not confirmed to be trustworthy.”

More recently, 21 DOGE staffers resigned on February 25, 2025, stating that they would not use their “skills as technologists to compromise core government systems, jeopardize Americans’ sensitive data, or dismantle critical public services…We will not lend our expertise to carry out or legitimize DOGE’s actions.” According to the joint resignation letter, the staffers (who had previously been part of the U.S. Digital Service, which was assimilated into DOGE after the inauguration) wrote, “We swore to serve the American people and uphold our oath to the Constitution across presidential administrations. However, it has become clear that we can no longer honor those commitments.”

Earlier in February, about 40 staffers from the Digital Service had been laid off. The resignation letter claimed that “[t]hese highly skilled civil servants were working to modernize Social Security, veterans’ services, tax filing, health care, disaster relief, student aid, and other critical services. Their removal endangers millions of Americans who rely on these services every day. The sudden loss of their technology expertise makes critical systems and American’s data less safe.”

The resigning staffers also alleged that they were interviewed by individuals wearing White House visitors’ badges (some of whom would not identify themselves) about their politics after the inauguration. According to the staffers, these individuals appeared to have “limited technical ability,” and the process “created significant security risks.”  

Federal employees focused on privacy and security are tasked with ensuring that all of our data is accessed, used, and disclosed lawfully and that our data is protected and secured using established protocols. It is very uncertain at this time whether these laws and protocols are being followed when so many of these employees have been fired. It is crucial to stay abreast of the impacts these firings will have on the protection of our data and to be able to obtain assurances that proper measures are being taken by DOGE employees who have access to the data. We will continue to update our readers on these issues as they unfold.

Cryptocurrency platform Poly Network, which allows users to swap different types of digital tokens, was the victim of a cryptoheist in which the thief (allegedly just one hacker) swiped over $600 million of currency. The incident has been dubbed the largest theft of cryptocurrency to date.

The story reads like the beginning of a novel. After the heist, Poly Network posted a letter on Twitter asking the thief to get in touch with them “to work out a solution.” The thief then posted messages that he would return the funds because he was “not very interested in money.” The next day, Poly Network claimed it had received half of the stolen amount back from the thief, in the form of Ether tokens, Polygon tokens and Binance Coin.

The hacker then posted a three-page Q&A self-interview discussing why he did it. According to reports, the hacker said the heist was meant to showcase the vulnerabilities in the Poly Network software and that users should learn from the hack. The hacker wanted to expose the bug, but not cause a “panic in the crypto-world,” which is why the hacker took the important coins but left the Dogecoin. According to the thief, “The pain suffered is temporary, but memorable.”

Cryptocurrency continues to be unregulated, so the bigger story is what would have happened if the cryptocurrency hadn’t been returned.