
DOGE staffer breached US Treasury rules by sharing personal data
What's the story
A Department of Government Efficiency (DOGE) employee in the US, has been accused of breaching Treasury Department policies by distributing a spreadsheet with sensitive personal information, according to Bloomberg.
The employee, Marko Elez, had previously worked on tracking Treasury payments but resigned in early February after social media posts surfaced linking him to racist beliefs.
Despite his resignation, DOGE later rehired him at the Social Security Administration (SSA).
Legal proceedings
Data breach uncovered in lawsuit against Trump's efficiency initiative
The data breach was uncovered during a forensic investigation, Treasury conducted as part of a lawsuit filed by New York and other state attorneys general.
The lawsuit seeks to block President Donald Trump's efficiency initiative from gaining access to sensitive payment information about US taxpayers, contractors, employees, and beneficiaries.
This has raised concerns over the data security practices followed by DOGE at Treasury and other agencies.
Investigation findings
Forensic analysis reveals unauthorized data access
The forensic analysis was initiated after a previous court filing indicated Elez had temporary read-write access to payments data when the court was advised that his access was read-only.
However, it was later clarified that Elez was mistakenly given read-write access, but no changes were made to the payment data.
After resigning, Elez allegedly emailed a spreadsheet containing personally identifiable information (PII) to two officials at the General Services Administration (GSA), another agency managing business operations for the federal government.
Security concerns
Spreadsheet breach raises concerns over DOGE's data security practices
The spreadsheet shared by Elez had names, transaction types, and amounts of money.
Although the Treasury didn't reveal how many payments the spreadsheet contained, David Ambrose, chief privacy officer for the Bureau of Fiscal Service said, "The names in the spreadsheet are considered low-risk PII because the names are not accompanied by more specific identifiers."
However, he admitted that sharing PII without encryption and prior written approval violated Bureau policies.
Data access requirements
DOGE staffers require access to sensitive data for fraud detection
In a separate court case, the SSA said DOGE staffers require access to sensitive data on Social Security beneficiaries "to review records needed to detect fraud."
Elez is one of 10 DOGE staffers at the social insurance agency.
In the context of a Treasury case, the judge barred DOGE-affiliated employees from accessing personal and financial information, but permitted an exception for the Justice Department after detailing training and vetting for DOGE employees.