DOGE's insecure Social Security database part of secretive cybersecurity nightmare, report claims

Last month, the Department of Government Efficiency (DOGE) was accused of creating a live cloud copy of every U.S. citizens' Social Security information, one without appropriate security oversight or tracking to determine who accessed the data. A concerning new report from the Homeland Security and Governmental Affairs Committee (HSGAC) has now echoed these allegations, finding that DOGE created an environment of "serious cybersecurity vulnerabilities, privacy violations, and risk of corruption." 

Led by ranking member Sen. Gary Peters, HSGAC's six-month investigation concluded that DOGE's mishandling of data has put U.S. citizens at high risk from malicious actors, including but not limited to "foreign adversaries" such as China, Russia, and Iran. An internal risk assessment by the Social Security Administration (SSA) reportedly found a 35 to 65 percent chance of a "catastrophic adverse effect" due to a data breach. In a worst case scenario, this could potentially require every single U.S. Social Security number to be reissued. 

"The potential breach of this sensitive data, and its potential misuse, significantly increase the urgency for DOGE to stop any high-risk projects and disclose its work to Congress and the public," read the report.

DOGE's inadequately secured cloud database of U.S. citizen's data would be alarming enough. However, HSGAC also raised serious concerns about the "layer of secrecy" surrounding the organisation's operations. Such secrecy, the report says, "shields [DOGE] from meaningful oversight and accountability," with SSA officials "unable to provide specific details on what their DOGE team was working on, and to whom they were accountable at the agency beyond other DOGE-affiliated officials."

In fact, HSGAC staff reported seeing DOGE workspaces cordoned off within agencies by armed guards. Employees of these other agencies were not provided clear, specific reasons why such excessive and unusual methods were warranted, according to the report.

"[DOGE] operates outside of, and even counter to, federal law and their purported efficiency and transparency goals," read the report. "DOGE, initially led by billionaire Elon Musk, consists primarily of workers with no policy or government experience and significant conflicts of interest, raising questions about both the effectiveness of and the motivations behind their work."

Other agencies were also unable to identify who was actually in charge at DOGE or provide "a clear chain of command," revealing an unclear leadership structure, the report says. While White House official Amy Gleason is officially DOGE's administrator, whistleblowers described her to HSGAC as "a figurehead with no real power over DOGE staff at agencies." This allegation seems supported by the fact that Gleason was technically in the role even while Musk was still acting as DOGE's de facto head.

The HSGAC report further alleged that U.S. citizens' data could potentially be misused to "benefit DOGE employees and the private companies with which many maintain strong ties." This appears to be a clear allusion to Musk's companies such as Tesla, SpaceX, and xAI. Musk announced his departure from DOGE in May, though the organisation still remained staffed by the billionaire's loyalists. 

DOGE was staffed by recent college graduates, many of whom had no prior government experience. These included Edward "Big Balls" Coristine, a 19-year-old who had allegedly provided support for a cybercrime group known for stealing cryptocurrency and hacking into law enforcement's email accounts.

"Even as DOGE personnel begin to leave government, it remains unclear what these individuals have done with the sensitive data they have had access to, including whether they have copied it to non-government devices for personal use or whether they have inappropriately manipulated or erroneously removed data," read the report. 

"The data these individuals have accessed would be valuable not only to foreign adversaries and bad actors, but also to private companies looking to gain an edge on competitors. DOGE’s actions not only put every American’s most sensitive information at risk, they also make our government and financial institutions vulnerable to large-scale disruption."

Established by President Donald Trump at the beginning of 2025, DOGE was ostensibly tasked with improving government efficiency by cutting costs. However, while Musk initially claimed DOGE would reduce government spending by a minimum of $2 trillion, he'd significantly revised this goal down to $150 billion by April. In the meantime, DOGE threw multiple government agencies into turmoil, laying off over 280,000 workers and dismantling several agencies entirely. Hundreds of these fired employees were asked to return to their previous jobs this week.