Department of Government Efficiency personnel have jeopardized the security of Americans’ personal information by uploading sensitive data into cloud environments without the necessary safeguards or oversight, a top Senate Democrat alleges in a report released on Thursday.
The investigation, spearheaded by Sen. Gary Peters, D-Mich. — the ranking member of the Senate Homeland Security and Governmental Affairs Committee — and Democrat staffers on the panel, warned that DOGE “operates outside of, and even counter to, federal law and their purported efficiency and transparency goals.”
President Donald Trump set up the unit on his first day in office and directed it to focus on slashing federal employees and spending, as well as modernizing federal technology. DOGE has come under criticism since then, however, for hoovering up sensitive government data and having its employees handle the collected information without restrictions.
“This environment results in serious cybersecurity vulnerabilities, privacy violations, and risk of corruption that could open Americans’ most sensitive information to targeting by malicious actors or allow it to be used in ways that violate fundamental privacy rights — or serve to benefit DOGE employees and the private companies with which many maintain strong ties,” the report said.
Among the whistleblower complaints detailed in the report were allegations from a former Social Security Administration official that DOGE employees uploaded a live copy of confidential agency data into a vulnerable cloud server.
Chuck Borges, SSA’s former chief data officer, said that DOGE employees at the agency “had access to personal data on all Americans, including Social Security numbers (SSNs), in a cloud environment without any verified security controls and without standard agency visibility into their use of that data” — a level of access that even exceeded Borges’ role. One of these SSA-based DOGE employees, Edward Coristine, had previously been fired from a private sector position for reportedly sharing sensitive data with a competitor.
“Because agency officials allegedly do not have oversight of these DOGE employees’ actions, they cannot know whether these individuals have moved any data out of SSA, granted access to the data to unauthorized users, including to private companies, or whether the data has been accessed illicitly,” the report added.
Thursday’s report comes after Senate Finance Committee Chairman Mike Crapo, R-Idaho, asked SSA earlier this month to provide information to the panel in response to Borges’ claims. An agency spokesperson told Nextgov/FCW at the time that “the data referenced in the complaint is stored in a long-standing environment used by SSA and walled off from the internet” and added that high-level agency officials have administrative access to the system.
Democrat staffers on the Senate Homeland Security and Governmental Affairs Committee also identified “a clear pattern” across agencies, where officials who questioned DOGE’s work were sidelined or let go and DOGE-affiliated personnel were embedded into key positions, such as being named chief information officers. These employees were then able to approve DOGE staffers to work with sensitive data, often without following standard oversight procedures.
DOGE personnel also reportedly directed agencies to assist them in creating databases containing highly sensitive information on most Americans. Thursday’s report said a cyberbreach of these cloud environments would be catastrophic.
“An internal SSA risk assessment determined that the likelihood of a data breach with ‘catastrophic adverse effect’ is between 35 and 65 percent,” the report said. “The potential breach of this sensitive data, and its potential misuse, significantly increase the urgency for DOGE to stop any high-risk projects and disclose its work to Congress and the public.”
