Operatives working for Elon Musk have gained unprecedented entry to a swath of U.S. authorities departments — together with businesses accountable for managing information on thousands and thousands of federal staff and a system that handles $6 trillion in funds to Americans.
During the primary three weeks of Trump’s second administration, Musk’s group of representatives — a presidential advisory board referred to as the Department of Government Efficiency, or DOGE — has taken management of prime federal departments and datasets, regardless of questions on their safety clearances, their cybersecurity practices, and the legality of Musk’s actions.
Whether a feat or a coup (which relies upon completely in your perspective), a small group of principally younger, private-sector staff from Musk’s companies and associates — many with no prior authorities expertise — can now view and, in some instances, management the federal authorities’s most delicate information held on thousands and thousands of Americans and the nation’s closest allies.
The entry by Musk’s DOGE group represents the widest-known compromise of federal government-held information by a personal group of people — and little has gotten of their means.
DOGE has acknowledged few particulars about its ongoing actions. That job has been left to the media, which has reported questionable cybersecurity practices and the breakdown in long-standing cybersecurity norms that danger delicate authorities information from being accessed by nefarious actors.
Much of DOGE’s work is avoiding oversight and transparency, leaving open questions round whether or not cybersecurity and privateness practices are being adopted. It’s unclear whether or not DOGE staffers are following the procedures to maintain this information from being accessed by different individuals, or if every other steps are being taken to guard the delicate information on Americans.
So far, the proof means that safety is just not prime of thoughts.
For instance, a DOGE staffer reportedly used a private Gmail account to entry a authorities name, and a newly filed lawsuit by federal whistleblowers claims DOGE ordered an unauthorized electronic mail server to be related to the federal government community, which violates federal privateness regulation. DOGE staffers are additionally stated to be feeding delicate information from no less than one authorities division into AI software program.
Whether DOGE staffers are dangerous actors misses a part of the purpose. Acts of subterfuge, espionage, or ignorance may produce the identical suboptimal consequence: publicity or lack of the nation’s delicate datasets.
For now, it’s value how we obtained right here.
Questionable safety clearances
The ease through which DOGE took over the departments and their huge shops of Americans’ information took profession officers and U.S. lawmakers unexpectedly, who proceed to hunt solutions from the Trump administration.
Musk’s efforts to take management of the nation’s information shops additionally privately alarmed cybersecurity professionals, a few of whom have spent their careers in authorities devoted to securing Americans’ most delicate techniques and information.
Questions stay about what stage of safety clearance the DOGE employees have and whether or not their interim safety clearance provides them the authority to demand entry to restricted federal techniques. On returning to workplace, Trump signed an govt order permitting administration officers to grant “prime secret” and compartmentalized safety clearance to people on an interim foundation with little to no substantial vetting, a pointy departure from long-established protocols.
The confusion over DOGE employees clearances has led to temporary standoffs between a number of profession officers at federal departments in current days. At the U.S. Agency for International Development (USAID), senior officers had been placed on go away after standing in the best way of DOGE employees to guard categorized info, based on the Associated Press. DOGE subsequently gained entry to the categorized facility at USAID, which reportedly contained intelligence stories.
Katie Miller, an adviser for DOGE, stated in a put up on X that no categorized materials was accessed by DOGE “with out correct safety clearances,” although particulars of the group’s clearance stays unspecified, together with how many individuals had been granted the interim secret clearances.
Several senior lawmakers of the Senate Select Committee on Intelligence stated Wednesday that they had been nonetheless searching for solutions about DOGE and what clearance its members have.
“No info has been offered to Congress or the general public as to who has been formally employed underneath DOGE, underneath what authority or laws DOGE is working, or how DOGE is vetting and monitoring its employees and representatives earlier than offering them seemingly unfettered entry to categorized supplies and Americans’ private info,” the senators wrote.
DOGE’s takeover of the federal authorities
Within per week of President Trump’s inauguration — and his govt order establishing DOGE — Musk’s staffers started infiltrating quite a lot of federal businesses. The U.S. Treasury’s delicate funds techniques, which include private info of thousands and thousands of Americans who obtain funds from the federal government, from tax refunds to Social Security checks, was among the many first.
DOGE has additionally gained entry to the Office of Personnel Management, the federal government’s human sources division that features databases on the private info of all federal employees, and USAJOBS, which has information on candidates who utilized for a federal job.
Officials on the OPM stated they’d no visibility or oversight into Musk’s group’s entry to its techniques. “It creates actual cybersecurity and hacking implications,” they informed Reuters.
DOGE’s exercise has led to widespread opposition, together with from some Republicans.
Senator Ron Wyden (D-OR), who serves as probably the most senior Democrat on the Senate Finance Committee, referred to as Musk’s entry to delicate federal funds techniques a nationwide safety danger, given the battle of curiosity over his intensive enterprise operations in China. A bunch of senior Democrats later stated in a letter to the Treasury that DOGE’s entry to delicate authorities information “may irreparably harm nationwide safety.”
In a put up on Bluesky, former Republican strategist Stuart Stevens referred to as the takeover of the Treasury’s techniques “probably the most important information leak in cyber historical past,” including: “Private people within the information enterprise now have entry to your Social Security info.”
The Treasury defended its transfer to grant entry to the division’s delicate funds techniques, confirming in an unattributed response to Democratic lawmakers that Musk’s DOGE group has entry to the Treasury’s banks of non-public info on Americans. Tom Krause, the chief govt of Cloud Software Group, which owns Citrix and several other different expertise corporations, is now a senior Treasury worker serving as assistant secretary and has management over trillions of {dollars} in public funds.
DOGE has since gained entry to a number of delicate inner techniques on the Department of Education, together with datasets containing the private info on thousands and thousands of scholars enrolled in monetary help. The Washington Post stories that DOGE staffers fed delicate worker and monetary information from the division into an AI system to probe the company’s spending. DOGE employees additionally demanded “entry to all” techniques on the Small Business Administration, together with contracts, funds, and human sources info.
Musk’s group additionally reportedly has entry to cost techniques throughout the U.S. Department of Health and Human Services, and entry to information on the U.S. company that administers Medicare and Medicaid.
DOGE can also be accessing personnel techniques on the National Oceanic and Atmospheric Administration (NOAA) and plans to entry aviation techniques on the Federal Aviation Administration after Transportation Secretary Sean Duffy granted DOGE entry. Musk stated in a put up on X that DOGE plans to “make speedy security upgrades to the air site visitors management system,” with out offering specifics.
Later, DOGE gained entry to the Department of Energy’s IT techniques, regardless of reported issues by officers on the lack of an ordinary background test on a DOGE staffer. Musk’s staffers additionally reportedly have read-only entry to information throughout the federal shopper watchdog, the Consumer Financial Protection Bureau.
Domestic and world ramifications
There are untold safety dangers that come from granting entry to the interior information core of the U.S. authorities to a bunch of unelected and personal people with spurious vetting.
To title simply a few issues that would go improper: Accessing the federal government community from a non-approved laptop harboring malware can compromise different gadgets on the federal community and permit the theft of delicate authorities info, no matter whether or not it’s categorized. And the mishandling of non-public info on gadgets or cloud environments that haven’t met the requirements of the federal government’s prime safety specs, or use the strongest safety controls, places that information liable to additional compromise or leak.
These are usually not unlikely eventualities; these sorts of breaches occur on a regular basis.
Last 12 months alone noticed a number of the greatest information breaches in historical past attributable to malicious entry gained by means of the private gadgets of firm staff, who unintentionally put in malware by downloading knock-off software program onto their private computer systems and never utilizing correct safety protections like multi-factor authentication. Any compromise of the group’s credentials or entry, or any improper dealing with of delicate databases may outcome within the irretrievable loss, theft, or misplacement of delicate authorities information.
Perhaps most troubling is DOGE, and its actions, are working exterior of public scrutiny.
Officials and lawmakers tasked with authorities oversight reportedly haven’t any perception into what information DOGE has entry to throughout the authorities or what its cybersecurity controls or protections are — if any in any respect. The departmental professionals who’ve spent a lot of their careers defending entry to the info saved in these techniques can’t do a lot however stand by and watch as personal people with little to no prior authorities expertise raid their most delicate datasets.
Technology and privateness lawyer Cathy Gellis, writing in Techdirt, argues Musk and his DOGE group are probably “personally liable” underneath the U.S. federal hacking regulation, referred to as the Computer Fraud and Abuse Act, which covers the accessing of federal techniques with out the right authorization. A courtroom would nonetheless in the end have to find out DOGE’s exercise as “unauthorized entry” and subsequently unlawful, wrote Gellis.
There can also be the query of how U.S. state governments will reply to the compromise of their residents’ information on the federal stage. U.S. states have information breach legal guidelines requiring the safety of their residents’ information, even when the federal authorities doesn’t. A coalition of greater than a dozen Democratic state attorneys normal stated they may file a lawsuit to dam DOGE accessing delicate federal authorities cost techniques containing private information on Americans, with out offering a timeline.
The entry additionally places relationships with the United States and its diplomatic allies on shaky floor. Allied nations might not wish to share intelligence with the U.S. authorities in the event that they suppose the data may leak, spill into the general public area, or in any other case get misplaced on account of the breakdown in cybersecurity practices aimed toward defending delicate info.
In actuality, the cybersecurity penalties of DOGE’s ongoing entry to federal departments and datasets might not be recognized for a while.
Contact Zack Whittaker on Signal and WhatsApp at +1 646-755-8849. You also can share paperwork securely with TechCrunch through SecureDrop.
First revealed on February 5, 2025.
