DOGE Is Undermining US Government Cyber Security

Uploaded on 2025-03-11 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

Before the Trump administration took office, what has become known as DOGE, or the Department of Government Efficiency, was touted as a tool for injecting private sector efficiencies into the federal workforce. 

Under the leadership of Elon Musk, DOGE has had an immediate impact,  resulting in mass redundancies and the closure of federal offices and agencies, including as the US Agency for International Development (USAID).

Less obvious are the effects of DOGE’s unprecedented access to many highly sensitive federal databases and payment tools. 

Now, the US government has experienced what may be the most consequential security breach in its history and its not through a sophisticated cyber attack or an act of foreign espionage, but through official orders by Elon Musk with a poorly defined government role.

The implications for US national security are undoubtedly serious:-

  • It is reported that people associated with the newly created DOGE have accessed the US Treasury computer system, giving them the ability to collect data on and potentially control the department’s roughly $5.45 trillion in annual federal payments.
  • The Office of Personnel Management, which holds detailed personal data on millions of federal employees, including those with security clearances, was compromised by DOGE investigators and it is alleged that government employees's medical records have been compromised. 
  • DOGE personnel, without the customary level of security clearances, have  gained access to classified data from  USAID, possibly copying it onto their own systems. 
  • DOGE personnel are also reported to be loading government data into Artificial Intelligence software, with unknown consequences.
  • The partially redacted names of CIA employees were sent over an unclassified and vulnerable email account.
  • In early February, a US federal judge blocked  the DOGE team from accessing the Treasury Department systems bit only after DOGE personnel had already copied data and installed and modified software. 

Given the extent and apparent careless behaviour of the people working at DOGE it seems highly likely that significant breaches other critical government systems have already occurred.

The types of data that could be accessed by DOGE would be sensitive tax and medical data stored at the IRS and Social Security Administration (SSA). This could include information on charitable donations, tax returns, disability diagnoses, adoption of children, as well as the immigration status of certain individuals. However, it should be noted that Stephen Miller, who is the White House deputy chief of staff for policy and US homeland security advisor, reassured the American public that DOGE was only searching for evidence of fraud and “unfair politicization” of tax data at the “programmatic level.”

Another potential issue that could arise regarding DOGE’s data access is that without transparency as to why they require the desired data as well as the purpose of attaining it, US taxpayers could be concerned about their private tax data not remaining confidential. With the IRS and SSA storing an abundance of sensitive data relating to such as large population of people, there will always be the risk of the abuse of this data, as well as cybersecurity breach considerations.

In particular, there is the possibillity that that as the head of DOGE Elon Musk, could obtain have access to the tax records of corporate competition as well as possible IRS investigations of his competitors’ companies.

In expert comment, Craig Watt, Threat Intelligence Consultant at Quorum Cyber, said "There is always the potential that access to this type of data could expose US government networks to cybersecurity vulnerabilities and provide threat actors with the opportunity to capitalise on the risk presented by disclosures of sensitive and personal data." 

These events surrounding DOGE's activties have perilous consequences, unless qualified and experienced federal employees are able to stand up for and maintain the previous strict  protocols protecting national security.

FP   |    FP   |    NBC   |   CISO Series   |     Wired   |  HKS   

Image: Ideogram

You  Might Also Read:  

US DOGE.gov Website Found Wide Open:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« How CISOs Can Demonstrate The Value Of Their Investments
Israel’s Emergency Medical Service Attacked »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSO

CSO

CSO serves enterprise security decision-makers and users with the critical information they need to stay ahead of evolving threats and defend against criminal cyberattacks.

Security Current

Security Current

Security Current's proprietary content and events provide insight, actionable advice and analysis giving executives the latest information to make knowledgeable decisions.

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

Marsh

Marsh

Marsh is a global leader in insurance broking and risk management and has been a leader in combatting cyber threats since their emergence.

Visa

Visa

Visa is a global payments technology company that connects consumers, businesses and banks in more than 200 countries and territories worldwide.

United Security Providers

United Security Providers

United Security Providers is a leading specialist in information security, protecting IT infrastructures and applications for companies with high demands on security.

Ignyte Assurance Platform

Ignyte Assurance Platform

Ignyte Assurance Platform™ is a leader in collaborative security and integrated GRC solutions for global corporations in Healthcare, Defense, and Technology.

Careerjet

Careerjet

Careerjet is a leading online job search engine with a large presence worldwide, sourcing millions of job ads from thousands of websites from all over the world in areas including Cybersecurity.

Cyber Security Africa

Cyber Security Africa

Cyber Security Africa is a full-service Information Security Consulting firm offering a comprehensive range of Services and Products to help organizations protect their valuable assets.

iON United

iON United

iON United is a full-service IT security solutions provider and one of the most trusted names in cybersecurity in Canada.

US Coast Guard Cyber Command

US Coast Guard Cyber Command

US Coast Guard Cyber Command’s focus is to ensure the security of our cyberspace, maintain superiority over our adversaries,and safeguard our Nation’s critical maritime infrastructure.

Vanta

Vanta

Vanta helps companies scale security practices and automate compliance for the industry’s most sought after standards - SOC 2, ISO 27001, HIPAA, GDPR, and other security and privacy frameworks.

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

Trustaira

Trustaira

Trustaira is the first deep tech solution and service company in Bangladesh.

Defimoon

Defimoon

DeFimoon is the International Blockchain Development & Security Agency. We provide professional services and solutions at the highest quality on world-leading chains.

Softanics

Softanics

Softanics’ ArmDot protects .NET apps with advanced obfuscation, control flow protection, and virtualization, securing code against reverse engineering without requiring agents or environment changes.