DOGE Is Undermining US Government Cyber Security

Uploaded on 2025-03-11 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

Before the Trump administration took office, what has become known as DOGE, or the Department of Government Efficiency, was touted as a tool for injecting private sector efficiencies into the federal workforce. 

Under the leadership of Elon Musk, DOGE has had an immediate impact,  resulting in mass redundancies and the closure of federal offices and agencies, including as the US Agency for International Development (USAID).

Less obvious are the effects of DOGE’s unprecedented access to many highly sensitive federal databases and payment tools. 

Now, the US government has experienced what may be the most consequential security breach in its history and its not through a sophisticated cyber attack or an act of foreign espionage, but through official orders by Elon Musk with a poorly defined government role.

The implications for US national security are undoubtedly serious:-

  • It is reported that people associated with the newly created DOGE have accessed the US Treasury computer system, giving them the ability to collect data on and potentially control the department’s roughly $5.45 trillion in annual federal payments.
  • The Office of Personnel Management, which holds detailed personal data on millions of federal employees, including those with security clearances, was compromised by DOGE investigators and it is alleged that government employees's medical records have been compromised. 
  • DOGE personnel, without the customary level of security clearances, have  gained access to classified data from  USAID, possibly copying it onto their own systems. 
  • DOGE personnel are also reported to be loading government data into Artificial Intelligence software, with unknown consequences.
  • The partially redacted names of CIA employees were sent over an unclassified and vulnerable email account.
  • In early February, a US federal judge blocked  the DOGE team from accessing the Treasury Department systems bit only after DOGE personnel had already copied data and installed and modified software. 

Given the extent and apparent careless behaviour of the people working at DOGE it seems highly likely that significant breaches other critical government systems have already occurred.

The types of data that could be accessed by DOGE would be sensitive tax and medical data stored at the IRS and Social Security Administration (SSA). This could include information on charitable donations, tax returns, disability diagnoses, adoption of children, as well as the immigration status of certain individuals. However, it should be noted that Stephen Miller, who is the White House deputy chief of staff for policy and US homeland security advisor, reassured the American public that DOGE was only searching for evidence of fraud and “unfair politicization” of tax data at the “programmatic level.”

Another potential issue that could arise regarding DOGE’s data access is that without transparency as to why they require the desired data as well as the purpose of attaining it, US taxpayers could be concerned about their private tax data not remaining confidential. With the IRS and SSA storing an abundance of sensitive data relating to such as large population of people, there will always be the risk of the abuse of this data, as well as cybersecurity breach considerations.

In particular, there is the possibillity that that as the head of DOGE Elon Musk, could obtain have access to the tax records of corporate competition as well as possible IRS investigations of his competitors’ companies.

In expert comment, Craig Watt, Threat Intelligence Consultant at Quorum Cyber, said "There is always the potential that access to this type of data could expose US government networks to cybersecurity vulnerabilities and provide threat actors with the opportunity to capitalise on the risk presented by disclosures of sensitive and personal data." 

These events surrounding DOGE's activties have perilous consequences, unless qualified and experienced federal employees are able to stand up for and maintain the previous strict  protocols protecting national security.

FP   |    FP   |    NBC   |   CISO Series   |     Wired   |  HKS   

Image: Ideogram

You  Might Also Read:  

US DOGE.gov Website Found Wide Open:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« How CISOs Can Demonstrate The Value Of Their Investments
Israel’s Emergency Medical Service Attacked »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Bryan Cave LLP

Bryan Cave LLP

Bryan Cave LLP is a global business and litigation law firm. Practice areas include Data Privacy and Security.

Altius IT

Altius IT

Altius IT reviews your website for security vulnerabilities and provides a report identifying vulnerabilities and recommendations to make secure.

herdProtect

herdProtect

herdProtect is a second line of defense malware scanning platform powered by 68 anti-malware engines in the cloud.

Delta Risk

Delta Risk

Delta Risk is a global provider of managed security services and cyber security risk management solutions to government and private sector clients.

SteelCloud

SteelCloud

SteelCloud has spent the last decade inventing technology to automate policy compliance, configuration control, and Cloud security.

InPhySec

InPhySec

InPhySec is a leading New Zealand information, physical and cyber security company.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

RapidScale

RapidScale

RapidScale’s managed cloud solutions provide reliable, innovative, and secure services, all complete with white-glove service and full management options.

NetSPI

NetSPI

NetSPI is an information security penetration testing and vulnerability assessment management advisory firm.

Cyber Range Solutions (CRS)

Cyber Range Solutions (CRS)

CRS provides cyber security training and improve security team performance by providing a hyper realistic, virtual training environment.

Edgile

Edgile

Edgile is the trusted cyber risk and regulatory compliance partner to the world’s leading organizations, providing consulting, managed services, and harmonized regulatory content.

Coviant Software

Coviant Software

Coviant Software delivers secure managed file transfer (MFT) software that integrates smoothly and easily with business processes.

Catalogic Software

Catalogic Software

Catalogic helps clients backup, recover, manage, and protect their data across their enterprise and cloud environments with Smart Data Protection solutions.

Myntex

Myntex

Myntex® builds the future of mobile security. We empower our partners to deliver exclusive mobile endpoint security software, fortifying against mobile threats, device exploits and data exfiltration.

CloudBees

CloudBees

CloudBees is building the world’s first end-to-end automated software delivery system, enabling companies to balance governance and developer freedom.

RIIG Technology

RIIG Technology

Our mission is to empower organizations with high-quality, verifiable data and advanced intelligence solutions, ensuring robust security and effective risk management.