Doge Staffer Data Breach: Treasury Rules Violated

Security Breach at Treasury Department

A member of staff employed by the Department of Government Efficiency (DOGE) reportedly violated established Treasury protocols. This occurred through the transmission of an email containing unencrypted personal data, as detailed in court testimony within a current federal lawsuit.

Details of the Incident

Marko Elez, a DOGE employee assigned to the U.S. Treasury, disseminated a spreadsheet containing unencrypted personally identifiable information. This communication was directed to two officials from the prior administration shortly before his departure in early February. His resignation followed the surfacing of racially charged content on social media platforms linked to Elez.

The specifics of this security failure were revealed in a court document filed on Friday. The document includes testimony from David Ambrose, the chief security and privacy officer for the Treasury’s Bureau of Fiscal Services.

Bureau of Fiscal Services and the Lawsuit

The Bureau of Fiscal Services is responsible for the distribution of trillions of dollars in federal funds to citizens across the United States annually. A group of U.S. attorneys general initiated the lawsuit with the aim of preventing the DOGE team, focused on cost reduction, from gaining access to highly confidential personal and financial data held by the Treasury unit where Elez was stationed.

According to the Friday filing, a forensic examination of Elez’s work laptop was conducted following his resignation. This analysis included a review of his official Treasury email account, which subsequently uncovered the security breach.

Nature of the Data Compromised

While the precise details of the shared data remain undisclosed, it is described as encompassing personal identifiers. These include a name – pertaining to either an individual or an organization – the nature of the financial transaction, and the corresponding monetary amount.

Ambrose stated that Elez’s actions were “contrary to [the department’s] policies” due to the lack of encryption and the absence of prior authorization for the email transmission.

Reporting and Subsequent Employment

Bloomberg was the first news outlet to report on the court filing on Friday. Following this incident, Elez was reinstated to a position on February 18th.

Currently, he is employed by the Social Security Administration, according to a source with knowledge of personnel matters.

Response from Attorneys General

The coalition of U.S. attorneys general who brought the lawsuit responded to the filing on Friday. They asserted that Ambrose’s statements “do nothing to allay any of the concerns” regarding the hasty and disorganized onboarding process of the Treasury DOGE Team.

Separate Legal Challenge

A separate legal case is also underway, seeking to block DOGE from accessing systems at the Social Security Administration that contain sensitive information pertaining to American citizens.

Efforts to obtain a comment from Elez by TechCrunch were unsuccessful.