Operators working for Elon Musk have gained unprecedented access to a sword of US government departments – including agencies responsible for managing data on millions of federal employees and a system that handles $ 6 billion in payments to Americans.
Over the past two weeks, the Musk representatives group – Presidential Advisory Board within the Trump administration known as the Department of Government Performance, or Doge – have Take control of top federal departments and databasesDespite questions about their security waste, their cybersecurity practices and the legality of Musk’s activities.
Whether a feat or a coup – which depends entirely on your point of view – a small group of Mostly young, private sectors employees Of Musk’s businesses and partners – many with no previous government experience – can now see and, in some cases, control the federal government’s most sensitive data held on millions of Americans and the nation’s closest allies.
Musk’s access access to Musk represents the largest known compromise of federal government data from a private group of individuals-and little has gained their way.
Doge acknowledged few details about its ongoing activities. This task was left to the media, which reported questionable cybersecurity practices and the breakdown into long cybersecurity standards that risk sensitive government data from access to unfavorable actors.
Much of Doge’s work avoids overview and transparency, leaving open questions whether cybersecurity and privacy practices are followed. It is unclear whether Doge employees follow the procedures to prevent this data from being accessed from other people, or if any other steps are taken to protect the sensitive data on Americans.
So far the evidence suggests that security is not highest.
For example, Doge staff reportedly used a personal Gmail account to access a government call; and newly filed trial of federal whistles Claims Doge ordered the connection of an unauthorized email server to the government network by violating federal privacy law.
Whether Doge employees are bad actors miss part of the point. Actions of underground, espionage or ignorance could produce the same suboptimal result: exposure or loss of the nation’s sensitive databases.
It is now worth looking at how we got here.
Discussed security rights
The ease in which Doge took over the departments and their extensive US data shops has surprised career officials and US legislators who are still seeking responses from the Trump administration.
Musk’s efforts to control the nation’s data stores also privately alerted cybersecurity professionals, some of whom have spent their careers in government dedicated to securing the most sensitive systems and data of Americans.
Questions remain on what level of security, the Doge personnel has and whether their acting security ban gives them the authority to require access to restrictive federal systems. Upon returning to office, Trump signed an executive order Allowing managing officials to grant “most secret” and compartment security to individuals in the meantime with little to any substantial control, a sharp departure from long -established protocols.
The confusion of Doge employees has led to brief expectations among several career officials at federal departments in recent days. At the US Agency for International Development, or USAID, senior officials were left after standing in Doge’s manner to protect classified information, According to the related press. Doge later gained access to the classified facility at USAID, which reportedly contained reports of intelligence.
Katie Miller, counselor for Doge, said in Post on X that no classified material was accessed by Doge “without proper security bans”, although details of the team’s authorization remains unspecifiedincluding how many people received the temporary secret wastes.
Several Senior lawmakers of the Senate Intelligence Committee said on Wednesday that they are still looking for answers about Doge and what right its members have.
“No information was given to Congress or the public about which was formally employed under Doge, under what authority or regulation Doge works, or how Doge controls and monitors their personnel and representatives before providing them with seemingly unlimited access to classified materials and The personal information of Americans, “the senators wrote.
Doge takeover of government
Within a week of President Trump’s inauguration – and His Executive Order to establish Doge – Musk’s employees have begun to infiltrate various federal agencies. The sensitive payment systems of the US Treasury, which contain personal information from millions of Americans who receive payments from the government, from tax repayments to social security checks, were among the former.
Doge also has gained access To the Office of Personal Administration, the Department of Human Resources of the Government, which includes databases on the personal information of all federal workers, and USAJOBS, who have data on candidates who have applied for federal work.
Officers at the OPM said they had no visibility or control in Musk’s access to its systems. “It creates real cybersecurity and hacking implications,” they told Reuters.
Doge’s activity has led to widespread opposition, including some Republicans.
Senior Ron Wyden (D-OR), who serves as the most senior Democrat in the Senate Financial Committee, Called Musk’s access to sensitive federal payment systems national security riskConsidering the conflict of interest in his extensive trade operations in China. A group of senior Democrats said In a subsequent letter to the treasury that Doge’s access to sensitive government data “could irreparably damage national security.”
In a poster on Bluesky, former Republican strategist Stuart Stevens called the takeover From the systems of the treasury as “the most significant data filtering in cyber history”, adding: “Private people in the data business now have access to your social security information.”
The treasury defended their move to give access to the department’s sensitive payment systemsConfirming in an unprepared response to democratic lawmakers that Musk’s Doge team has access to the banks of personal information from the Americans Treasury. The letter confirms Tom Krause, the general manager of Cloud Software GroupWhoever owns Citrix and several other technology companies is now a treasury. Krause did not return a request for comment.
Doge has since gained access to numerous sensitive internal systems at the Department of Education, including databases containing the personal information about millions of students enrolled in financial assistance. Doge -personnel as well required “access to all” systems at the small business managementincluding contracts, payments and human resource information.
Musk’s team also reportedly have access to payment systems within the US Department of Health and Human Services, and Access to data at the US agency, which manages Medicare and Medicaid. Doge is also By accessing personal systems at the National Ocean and Atmospheric Administration, or NOAA, and plans to access systems at the Department of Transportation.
Domestic and global ramming
There are unpublished security risks that come from conceding access to the US government’s internal data core to a group of unelected and private people with tracking control.
Name only a few things that could happen: accessing the government network of an unpaid computer carrying malware can compromise other devices on the federal network, and allow the theft of sensitive government information, regardless of whether it is classified. And, the abuse of personal information about devices or cloud environments that have not met the standards of the government’s best security specifications, or use the strongest security controls, puts that data with the risk of further compromise or filtering.
These are not unlikely scenes; These types of breaks occur all the time.
Last year alone saw Some of the biggest data breaks in history caused by Malicious access obtained through the personal devices of corporate employeesWho accidentally installed malware by downloading a hit program on its personal computers and not using appropriate security protections as multi-factor authentication. Any compromise of the team’s credentials or access, or any incorrect handling of sensitive databases could result in the unmanageable loss, theft or misrepresentation of sensitive government data.
Perhaps the most critical is Doge, and its activities work outside of public scrutiny.
Officers and lawmakers tasked with government overview, reportedly, have no insights into what data Doge has access to the government, or what its cybersecurity controls or protections are – if at all. The department professionals who have spent much of their careers, protecting access to the data stored in these systems, cannot do much, but stand and watch as private with little or no previous government experience attack their most sensitive data.
Technology and Privacy lawyer Cathy Gellis, Writing in TechdirtArgues Musk and his Doge team are probably “responsible” according to the US Federal Hacking Act, known as the Computer Fraud and Abuse Act, which covers the access of federal systems without the proper authorization. Court should still ultimately determine Doge’s performance as an “unauthorized approach” and therefore illegal, wrote Gellis.
It is also the question of how US state governments will respond to the compromise of their residents’ data at the federal level. US states have data violation laws requiring the protection of their citizens’ data, even if the federal government does not. Does the Musk team access to federal systems cause legal action from the states.
The approach also puts relations with the United States and its diplomatic allies on troubled land. Allied nations may not want to share intelligence with the US government If they think the information could leak, pour into the public property or otherwise lose as a result of the break in cybersecurity practices aimed at protecting sensitive information.
In reality, the cybersecurity consequences of Doge’s ongoing access to federal departments and databases may not be known some time ago.
Contact Zack Whittaker on Signal and WhatsApp at +1 646-755-8849. You can also share documents safely with Techcrunch by Safeguard.
