Data Privacy,
Data Security,
Government
Agency Official Claims Ex-DOGE Employee’s Data Breach Breached Security Protocols
A recent court filing reveals that a staff member from the Department of Government Efficiency (DOGE) may have compromised data security protocols by transmitting an unencrypted database containing personally identifiable information to two high-ranking officials from the Trump administration. This breach raises significant concerns regarding adherence to established security policies.
David Ambrose, acting chief information security officer at the Bureau of the Fiscal Service (BFS), testified in a lawsuit initiated by state attorneys general against DOGE, which was formed to execute President Trump’s and Elon Musk’s vision for a streamlined federal government. Ambrose stated that Marko Elez, a DOGE employee, sent sensitive information without proper agency authorization, prior to resigning amid controversy over provocative social media statements, including an inflammatory remark on X asserting: “I was racist before it was cool.” Reports from Bloomberg noted that Elez has since been reinstated within the Social Security Administration.
The ongoing lawsuit forms part of a broader allegation that DOGE has been neglecting vital data protection measures in its pursuit to reduce the federal workforce. Ambrose’s testimony underscores the potential risks posed by DOGE employees having access to sensitive government data, highlighting apparent gaps in understanding of security protocols designed to safeguard sensitive information.
According to Ambrose, the unencrypted spreadsheet sent by Elez contained “low-risk” personally identifiable information, limited to names and transaction details, devoid of Social Security numbers or birthdates. However, cybersecurity experts express concern that this incident reflects either an ignorance of federal data security protocols or a deliberate disregard for them, both of which could have severe repercussions.
The court documents confirm that Elez did not alter any payment systems or data records. He was briefly granted “read-write” access to the systems, which was then downgraded to read-only access, yet it remains unclear if he was informed of this change. Ambrose testified that Elez’s actions violated established BFS policies, as the database was unencrypted, and he failed to secure approval as mandated by Form 7005, which dictates necessary disclosures and security measures for data transmission.
Judge Paul Engelmayer of the U.S. District Court for the Southern District of New York has indicated that DOGE’s access to BFS systems heightens the risk of hacking for a division responsible for dispersing trillions of dollars each year. The court has issued a temporary restraining order, instructing all special government employees to eliminate any copies of materials derived from the Treasury Department’s databases as the investigation proceeds.
As of now, the Treasury Department, DOGE, and the White House have not provided responses to multiple inquiries regarding the situation.
