DOGE Is Undermining US Government Cyber Security

Before the Trump administration took office, what has become known as DOGE, or the Department of Government Efficiency, was touted as a tool for injecting private sector efficiencies into the federal workforce. 

Under the leadership of Elon Musk, DOGE has had an immediate impact,  resulting in mass redundancies and the closure of federal offices and agencies, including as the US Agency for International Development (USAID).

Less obvious are the effects of DOGE’s unprecedented access to many highly sensitive federal databases and payment tools. 

Now, the US government has experienced what may be the most consequential security breach in its history and its not through a sophisticated cyber attack or an act of foreign espionage, but through official orders by Elon Musk with a poorly defined government role.

The implications for US national security are undoubtedly serious:-

  • It is reported that people associated with the newly created DOGE have accessed the US Treasury computer system, giving them the ability to collect data on and potentially control the department’s roughly $5.45 trillion in annual federal payments.
  • The Office of Personnel Management, which holds detailed personal data on millions of federal employees, including those with security clearances, was compromised by DOGE investigators and it is alleged that government employees's medical records have been compromised. 
  • DOGE personnel, without the customary level of security clearances, have  gained access to classified data from  USAID, possibly copying it onto their own systems. 
  • DOGE personnel are also reported to be loading government data into Artificial Intelligence software, with unknown consequences.
  • The partially redacted names of CIA employees were sent over an unclassified and vulnerable email account.
  • In early February, a US federal judge blocked  the DOGE team from accessing the Treasury Department systems bit only after DOGE personnel had already copied data and installed and modified software. 

Given the extent and apparent careless behaviour of the people working at DOGE it seems highly likely that significant breaches other critical government systems have already occurred.

The types of data that could be accessed by DOGE would be sensitive tax and medical data stored at the IRS and Social Security Administration (SSA). This could include information on charitable donations, tax returns, disability diagnoses, adoption of children, as well as the immigration status of certain individuals. However, it should be noted that Stephen Miller, who is the White House deputy chief of staff for policy and US homeland security advisor, reassured the American public that DOGE was only searching for evidence of fraud and “unfair politicization” of tax data at the “programmatic level.”

Another potential issue that could arise regarding DOGE’s data access is that without transparency as to why they require the desired data as well as the purpose of attaining it, US taxpayers could be concerned about their private tax data not remaining confidential. With the IRS and SSA storing an abundance of sensitive data relating to such as large population of people, there will always be the risk of the abuse of this data, as well as cybersecurity breach considerations.

In particular, there is the possibillity that that as the head of DOGE Elon Musk, could obtain have access to the tax records of corporate competition as well as possible IRS investigations of his competitors’ companies.

In expert comment, Craig Watt, Threat Intelligence Consultant at Quorum Cyber, said "There is always the potential that access to this type of data could expose US government networks to cybersecurity vulnerabilities and provide threat actors with the opportunity to capitalise on the risk presented by disclosures of sensitive and personal data." 

These events surrounding DOGE's activties have perilous consequences, unless qualified and experienced federal employees are able to stand up for and maintain the previous strict  protocols protecting national security.

FP   |    FP   |    NBC   |   CISO Series   |     Wired   |  HKS   

Image: Ideogram

You  Might Also Read:  

US DOGE.gov Website Found Wide Open:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« How CISOs Can Demonstrate The Value Of Their Investments
Israel’s Emergency Medical Service Attacked »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

KPMG

KPMG

KPMG s a leading provider of professional services including information technology and cyber security consulting.

ISTQB

ISTQB

ISTQB has defined the "ISTQB Certified Tester" scheme that has become the world-wide leader in the certification of competences in software testing.

FIDO Alliance

FIDO Alliance

FIDO Alliance is a non-profit organization formed to address the lack of interoperability among strong authentication devices.

PhishLabs

PhishLabs

PhishLabs provides 24/7 services that help organizations protect against the cyberattacks targeting their employees, their customers and their brands.

Open Systems International (OSI)

Open Systems International (OSI)

Our innovative Operations Technology (OT) solutions are highly scalable and can be deployed by various utility companies to monitor, control and optimize their real-time operations.

National Cybersecurity Hub - South Africa

National Cybersecurity Hub - South Africa

The mission of the National Cybersecurity Hub is to be the central point of collaboration for cybersecurity incidents in South Africa.

SOOHO

SOOHO

SOOHO helps to detect security vulnerabilities earlier. Our blockchain security platform audits from smart contracts to on-chain transactions.

drie

drie

drie is an end-to-end cloud services company based in Bahrain, Dubai and London. We enable businesses to adopt, scale on and build for cloud.

AML Global Solutions (AMLGS)

AML Global Solutions (AMLGS)

AMLGS delivers Financial Crime prevention training programmes and consultancy services encompassing Anti-Money Laundering (AML), Counter Terrorism Financing (CTF), Bribery & Corruption and Fraud.

MorganFranklin Consulting

MorganFranklin Consulting

MorganFranklin Consulting is a management advisory firm that works with businesses and government to address complex and transformational technology and business objectives including cybersecurity.

Proximity

Proximity

Proximity is a leading professional services organisation providing consulting, legal and commercial advisory solutions with a focus on government and regulated industries.

Aiden Technologies

Aiden Technologies

Aiden simplifies your IT process, giving you peace of mind and security by ensuring your computers get exactly the software they need and nothing else.

Triangle

Triangle

Triangle enable innovative business transformation by ensuring critical hybrid infrastructures are optimised, interoperable and secure.

Port443

Port443

Port443 specialises in providing Security Orchestration, Automation and Remediation (SOAR) "as a service".

DeviQA

DeviQA

DeviQA provide best-in-class quality assurance services to companies of all sizes.

A&O Shearman

A&O Shearman

A&O Shearman is a law firm at the forefront of the forces changing the current of global business: energy transition, life sciences, technology, private capital, finance and beyond.