Agents associated with Elon Musk have achieved unparalleled access to a range of U.S. governmental agencies — including those responsible for handling data on millions of federal employees and a system overseeing $6 trillion in payments to American citizens.
In the initial three weeks of Trump’s second term, Musk’s representatives—part of a presidential advisory board dubbed the Department of Government Efficiency (DOGE)—have taken command over key federal departments and datasets, raising concerns regarding their security clearances, cybersecurity practices, and the legality surrounding Musk’s initiatives.
Whether viewed as an accomplishment or a scandal (which hinges on one’s perspective), a small cohort of predominantly young, private-sector workers from Musk’s entities—many lacking previous governmental experience—are now capable of accessing and, in some instances, controlling the federal government’s most confidential data pertaining to millions of Americans and the nation’s closest allies.
The DOGE team’s entry signifies one of the largest-known breaches of federal data by a private group, with few obstacles deterring their progress.
DOGE has provided scant details regarding its ongoing operations. The responsibility for disclosure appears to have shifted to the media, which has reported alarming cybersecurity practices and the collapse of traditional norms that safeguard sensitive government data against malicious entities.
Much of DOGE’s function seems focused on dodging oversight and transparency, leaving significant questions about compliance with cybersecurity and privacy standards. It remains ambiguous whether DOGE personnel adhere to protocols ensuring this data remains inaccessible to unauthorized parties, or whether any actions are in place to secure the sensitive information of Americans.
Thus far, evidence indicates that maintaining security is not a priority.
For instance, a reported incident involved a DOGE staff member utilizing a personal Gmail account to engage in a government call, while new legal actions from federal whistleblowers allege DOGE instructed that an illicit email server be linked to government networks, contravening federal privacy regulations. Additionally, DOGE personnel are purportedly channeling sensitive information from at least one federal agency into AI applications.
Whether DOGE staffers act as intentional wrongdoers is somewhat beside the point; actions driven by deception, espionage, or ignorance can yield equally detrimental results—exposure or loss of critical national data.
At this juncture, it is essential to analyze the trajectory that led us here.
Dubious Security Clearances
The rapidity with which DOGE gained control over departments and the extensive databases of American citizens surprised career officials and U.S. lawmakers, who are still seeking explanations from the Trump administration.
Musk’s initiatives to seize control of national data repositories have also raised alarms among cybersecurity professionals, some of whom have dedicated their careers to safeguarding the nation’s most sensitive systems and data.
Uncertainties abound regarding the level of security clearance held by DOGE staff and whether their temporary clearances authorize them to seek access to restricted federal systems. Upon reclaiming the presidency, Trump issued an executive order permitting administration officials to grant “top secret” and compartmentalized security clearances to individuals temporarily, with minimal vetting—marking a stark deviation from established protocols.
Uncertainty regarding DOGE staff clearances has resulted in several brief confrontations between career officials in various federal departments in recent days. At the U.S. Agency for International Development (USAID), senior officials were suspended after attempting to safeguard classified information from DOGE staff, according to Associated Press. DOGE subsequently accessed classified facilities at USAID, which purportedly housed intelligence reports.
Katie Miller, an advisor for DOGE, claimed in a post on X that no classified data was accessed by DOGE “without proper security clearances,” although the specifics concerning the team’s clearances remain unclear, particularly regarding how many personnel received temporary secret clearances.
Numerous members of the Senate Select Committee on Intelligence indicated Wednesday they were still pursuing information regarding DOGE’s operations and the level of clearance its members hold.
“No information has been provided to Congress or the public regarding who has been formally retained under DOGE, under what authority or regulations DOGE operates, or how DOGE is vetting and overseeing its staff and representatives before granting them seemingly unrestricted access to classified materials and the personal information of Americans,” the senators stated.
DOGE’s Ascendancy in the Federal Government
Within a week of President Trump’s inauguration and following his executive order to establish DOGE, Musk’s team began infiltrating various federal agencies. The U.S. Treasury’s sensitive payment systems, which hold personal information about millions of citizens who receive government funds, including tax refunds and Social Security payments, was among the first targeted.
Moreover, DOGE has secured access to the Office of Personnel Management (OPM), which oversees the personal information of all federal employees, and USAJOBS, a database containing details on applicants for federal employment.
Officials from the OPM remarked that they had no visibility or oversight regarding Musk’s team’s access to their systems. “It poses serious cybersecurity and hacking risks,” they told Reuters.
DOGE’s actions have incited significant backlash, including from certain Republican officials.
Senator Ron Wyden (D-OR), the leading Democrat on the Senate Finance Committee, declared Musk’s access to sensitive federal payment systems poses a national security threat, especially given the potential conflict of interest arising from his extensive business dealings in China. A group of senior Democrats later warned in a letter to the Treasury that DOGE’s access to sensitive government data “could irreparably harm national security.”
On Bluesky, former Republican strategist Stuart Stevens described the takeover of the Treasury’s systems as “the most significant data leak in cyber history,” stating: “Private individuals in the data business now have access to your Social Security information.”
The Treasury justified its decision to allow access to the department’s sensitive payment systems, confirming to Democratic lawmakers that Musk’s DOGE team has legitimate access to the Treasury’s extensive databases containing personal information of Americans. Tom Krause, the CEO of Cloud Software Group, owner of Citrix and other tech firms, is currently serving as a senior Treasury staffer in the role of assistant secretary and oversees trillions in public funds.
DOGE has also acquired access to numerous internal systems within the Department of Education, including databases containing personal details about millions of students enrolled in financial aid. Reports from The Washington Post indicate that DOGE staff have input sensitive employee and financial information from the department into an AI program designed to analyze the agency’s expenditures. Moreover, DOGE personnel have requested “unrestricted access” to all systems at the Small Business Administration, encompassing contracts, payment records, and HR data.
Musk’s team has also been reported to have access to payment systems within the U.S. Department of Health and Human Services, as well as data at the federal agency responsible for administering Medicare and Medicaid.
Additionally, DOGE is reportedly accessing personnel systems at the National Oceanic and Atmospheric Administration (NOAA) and intends to gain access to aviation systems at the Federal Aviation Administration after Transportation Secretary Sean Duffy permitted DOGE entry. Musk has stated via a post on X that DOGE aims to “implement swift enhancements to the air traffic control system,” although specifics have not been provided.
Subsequently, DOGE secured access to the IT systems of the Department of Energy, in spite of reported concerns from officials about the absence of standard background checks on DOGE staffers. Additionally, Musk’s team allegedly has read-only access to information housed within the Consumer Financial Protection Bureau, the federal consumer regulatory body.
Domestic and Global Consequences
Granting access to the critical data infrastructure of the U.S. government to a cadre of unelected private individuals poses an array of security threats.
To illustrate the potential perils: Unauthorized access to government networks from non-compliant computers laden with malware can endanger other devices within the federal network and facilitate the theft of sensitive government information, irrespective of its classification status. Inappropriate handling of personal data using devices or cloud services that fail to meet federal security standards or implement robust security measures significantly increases the risk of data exposure or breach.
These scenarios are not merely hypothetical; breaches of this nature occur regularly.
Last year alone witnessed some of the worst data breaches on record, stemming from malicious access obtained via employees’ personal devices who inadvertently installed malware by incorrectly downloading fraudulent software and neglecting essential security precautions like multi-factor authentication. Any compromise of DOGE’s credentials or oversight, or any mishandling of sensitive databases could culminate in irrevocable loss, theft, or misappropriation of critical government data.
Perhaps most concerning is the fact that DOGE and its operations transpire away from public scrutiny.
Those entrusted with oversight of government practices reportedly lack insight into the nature of the data DOGE can access within federal agencies or the cybersecurity controls or safeguards in place—if any exists. Department professionals, seasoned in protecting access to data within these systems, are largely helpless, forced to observe as private individuals with little governmental background exploit their most confidential databases.
Legal expert in technology and privacy Cathy Gellis posits that Musk and his DOGE team may be “personally liable” under U.S. federal hacking laws, specifically the Computer Fraud and Abuse Act, which prohibits accessing federal systems absent appropriate authorization. Ultimately, a court would need to assess whether DOGE’s actions constitute “unauthorized access” rendering them illegal, as Gellis notes.
Moreover, there are significant implications concerning how U.S. state governments might react to the exposure of their residents’ data at the federal level. Many states enact data breach laws that mandate the safeguarding of their citizens’ information, irrespective of whether federal measures are in place. A coalition of more than a dozen Democratic state attorneys general has indicated plans to file a lawsuit to prevent DOGE from accessing sensitive federal payment systems that contain personal data of Americans, although no timeline has been provided.
This access also jeopardizes relationships between the U.S. and its international allies. Nations may hesitate to share intelligence with the U.S. if they suspect that information could be compromised or undermined due to a breakdown in cybersecurity measures protecting sensitive data.
In reality, the cybersecurity repercussions of DOGE’s ongoing access to federal agencies and datasets may not be fully realized for some time.
Contact Zack Whittaker on Signal and WhatsApp at +1 646-755-8849. You can also share documents securely with TechCrunch via SecureDrop.
Originally published on February 5, 2025.
Compiled by Techarena.au.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
