DOGE’s Data Grabs and Downsizing Jeopardize Our National Security

Blog Post
April 7, 2025

The Trump Administration’s Department of Government Efficiency (DOGE), a non-governmental entity, has sought access to sensitive agency data and led federal workforce cuts. Headed by tech executive Elon Musk, DOGE’s “move fast, break things” Silicon Valley mindset threatens to do just that: quickly break critical U.S. technical infrastructure. By trying to seize control of federal digital systems, DOGE is undermining U.S. cybersecurity efforts and endangering national security.

Obscured and Insecure Data Access

Over the past two months, DOGE has quickly embedded itself across government agencies. Despite failing to disclose the full scope of its actions, one thing is clear: DOGE has gained sweeping access to millions of Americans’ sensitive, personal information held by government systems. While laws and regulations protect this data, reports reveal DOGE’s likely violation of these protections and negligent security practices.

Ongoing lawsuits claim DOGE is violating federal data protections, such as the Privacy Act of 1974. Finding sufficient evidence of these violations, courts have temporarily blocked some of DOGE’s infringement into databases. At the same time, reports from inside the agencies raise alarms over activities that could compromise data security. For example, DOGE’s use of an unapproved private server to connect to government networks at the Office of Personnel Management (OPM) prompted a lawsuit. At the Department of Labor, employees flagged DOGE approval for remote-access and file-transfer software as a potential security risk for the dozens of agency databases holding personally identifiable information. At the U.S. Agency for International Development and the Consumer Financial Protection Bureau, DOGE employees gained the ability to not only view but also modify systems. One DOGE employee was even mistakenly granted such “read-write” privileges on a Treasury Department payment system. Court documents also revealed that a DOGE employee sent unencrypted personal data to administration officials—a move that directly violates department policies. The reported use of AI tools raises more concerns about how DOGE is accessing and using Americans’ sensitive data. These security concerns are further compounded by DOGE employees’ access to government records without proper training or clearances.

DOGE’s efforts to gain unfettered back-end access to federal digital infrastructure threaten data privacy and may weaken digital systems’ integrity. Accessing, sharing, or processing data through insecure means and using unvetted personnel, software, or hardware bypasses established protocols and can create cybersecurity vulnerabilities. Further, the lack of transparency around DOGE actions can obscure new security risks. Any unknown or undocumented change to systems by DOGE can create confusion around which changes are authorized and which are not. Bad actors can exploit this ambiguity to steal or access government data, embed themselves into federal networks, or install malware—all in ways that may be more difficult to detect amidst the chaos surrounding DOGE. Without appropriate oversight, DOGE is actively increasing the risk of Americans’ personal data being exposed, breached, or politically misused.

Moreover, a March 2025 Executive Order confirmed fears of DOGE’s aim to centralize access to sensitive data. The EO requires agencies to provide “full and prompt access to all unclassified agency records, data, software systems, and information technology systems” to facilitate “sharing and consolidation” of data. While responsible data sharing is valuable, DOGE and the EO are doing the opposite. DOGE has flouted data privacy and security norms. Aggregating sensitive data into one place without the necessary protections makes misuse easier, dramatically increases vulnerabilities, and represents an especially appealing target for hackers seeking a wide range of government data.

Draining Critical Institutional Knowledge and Talent

The U.S. government’s digital infrastructure has been built over decades, with systems and processes changing slowly to fit the needs of the public sector. While modernization is needed, these systems require staff with institutional knowledge and experience to maintain functionality and security. Federal employees and contractors have been vetted and trained on government systems. They regularly issue updates, patch vulnerabilities, assess privacy risks, and monitor data leaks and breaches. But DOGE workforce cuts through buyouts and indiscriminate mass firings leave fewer people to successfully safeguard networks from attacks or train the next generation of federal cybersecurity professionals.

The overall loss of skilled technologists threatens to weaken and destabilize federal technical systems. If DOGE’s goal is to improve digital infrastructure, its actions don’t support that. DOGE has crippled the General Services Administration’s Technology Transformation Service—which leads government IT modernization efforts—by firing technologists and dismantling its 18F team. Tasked with improving public-facing digital services across federal agencies, the 18F team helped design key U.S. systems like login.gov and IRS Direct File. Similarly, the U.S. Digital Service, originally tasked with improving U.S. digital tools and services, was downsized after a January Executive Order transformed the agency into the U.S. DOGE Service. A month later, 21 Digital Service employees resigned in protest over DOGE’s actions that “compromise core government systems, jeopardize American’s sensitive data, or dismantle critical public service.”

DOGE has also ushered in haphazard firings at agencies tasked with protecting national security. The Cybersecurity and Infrastructure Security Agency (CISA)—which protects critical infrastructure, defends against foreign cyber attacks, and oversees election safety—saw DOGE-led cuts in its workforce, including staff who have highly technical expertise in national cybersecurity and defend against Russian and Chinese hacks. Firings at intelligence agencies, the Department of Defense, and even the National Nuclear Security Administration, raise questions about DOGE’s impact on the government’s ability to maintain baseline security.

The dismantling of federal staff is deliberate. It weakens pushback against DOGE from experienced IT and cybersecurity professionals while creating openings to install staff who are more dedicated to DOGE. Such DOGE employees and loyalists can facilitate future incursions into agency networks by granting access to systems and their data. Furthering security risks, the employees that Elon Musk has so far entrusted to handle sensitive U.S. data have little work or government experience. Some seem to lack core competencies—failing to even secure their own website (doge.gov).

Widening U.S. Cybersecurity Vulnerabilities

Cybersecurity experts have made it clear: DOGE’s actions undermine U.S. national security by increasing cyber vulnerabilities. This comes at a time when U.S. federal agencies are experiencing an uptick in cyberattacks. A 2024 Office of Management and Budget (OMB) report (which the White House quietly removed from their website) found a 10 percent increase in cyberattacks against federal agencies in FY2023.

Federal agencies are popular targets of foreign adversaries. Just last year, investigations revealed that groups linked to Chinese intelligence hacked U.S. telecom providers and the Treasury Department. These breaches facilitated access to communications from high-profile individuals as well as sensitive government materials. Similarly, in 2015, Chinese hackers stole nearly 22 million people’s personal information held by OPM. Russia also has a history of targeting federal databases. In 2020, the Russian SolarWinds hack impacted various government agencies, including the Department of Homeland Security, Department of Defense, and the Department of Justice.

DOGE’s actions create more openings for these types of attacks. Foreign adversaries can take advantage of failures in existing baseline protections, which are being undermined by DOGE’s disregard for privacy and security protocols. At the same time, any system changes by DOGE, especially undisclosed changes, can introduce new vulnerabilities that foreign adversaries can piggyback on to gain access to government databases. A diminished U.S. cyber talent pool is likely to face challenges in not only responding to the data risks that DOGE creates, but also defending against the cyberattacks that DOGE’s actions may invite.

DOGE is jeopardizing data privacy of Americans, hampering U.S. cybersecurity capabilities, and endangering U.S. national security. Members of Congress and policymakers should respond swiftly to these threats by curbing DOGE’s access to government systems and demanding transparency to fully assess the damage of DOGE’s actions. Time is of the essence; the status quo continues to put the United States and its residents at risk.

To discover what personal data DOGE has in hand, take our quiz.
