DOGE Is Undermining US Government Cyber Security

Before the Trump administration took office, what has become known as DOGE, or the Department of Government Efficiency, was touted as a tool for injecting private sector efficiencies into the federal workforce. 

Under the leadership of Elon Musk, DOGE has had an immediate impact, resulting in mass redundancies and the closure of federal offices and agencies, including the US Agency for International Development (USAID).

Less obvious are the effects of DOGE’s unprecedented access to many highly sensitive federal databases and payment tools. 

Now, the US government has experienced what may be the most consequential security breach in its history, and it came not through a sophisticated cyber attack or an act of foreign espionage, but through official orders from Elon Musk, who holds a poorly defined government role.

The implications for US national security are undoubtedly serious:-

  • It is reported that people associated with the newly created DOGE have accessed the US Treasury computer system, giving them the ability to collect data on and potentially control the department’s roughly $5.45 trillion in annual federal payments.
  • The Office of Personnel Management, which holds detailed personal data on millions of federal employees, including those with security clearances, was compromised by DOGE investigators, and it is alleged that government employees' medical records have been compromised.
  • DOGE personnel, without the customary level of security clearances, have gained access to classified data from USAID, possibly copying it onto their own systems.
  • DOGE personnel are also reported to be loading government data into Artificial Intelligence software, with unknown consequences.
  • The partially redacted names of CIA employees were sent over an unclassified and vulnerable email account.
  • In early February, a US federal judge blocked the DOGE team from accessing the Treasury Department systems, but only after DOGE personnel had already copied data and installed and modified software.

Given the extent and apparent carelessness of the behaviour of the people working at DOGE, it seems highly likely that significant breaches of other critical government systems have already occurred.

The types of data that could be accessed by DOGE would be sensitive tax and medical data stored at the IRS and Social Security Administration (SSA). This could include information on charitable donations, tax returns, disability diagnoses, adoption of children, as well as the immigration status of certain individuals. However, it should be noted that Stephen Miller, who is the White House deputy chief of staff for policy and US homeland security advisor, reassured the American public that DOGE was only searching for evidence of fraud and “unfair politicization” of tax data at the “programmatic level.”

Another potential issue regarding DOGE’s data access is that, without transparency as to why they require the desired data and the purpose of attaining it, US taxpayers could be concerned about their private tax data not remaining confidential. With the IRS and SSA storing an abundance of sensitive data relating to such a large population of people, there will always be the risk of abuse of this data, as well as cybersecurity breach considerations.

In particular, there is the possibility that, as the head of DOGE, Elon Musk could obtain access to the tax records of corporate competition as well as possible IRS investigations of his competitors’ companies.

In expert comment, Craig Watt, Threat Intelligence Consultant at Quorum Cyber, said "There is always the potential that access to this type of data could expose US government networks to cybersecurity vulnerabilities and provide threat actors with the opportunity to capitalise on the risk presented by disclosures of sensitive and personal data." 

These events surrounding DOGE's activities have perilous consequences, unless qualified and experienced federal employees are able to stand up for and maintain the previous strict protocols protecting national security.

FP   |    FP   |    NBC   |   CISO Series   |     Wired   |  HKS   
