DOGE aims to pool federal data, putting personal information at risk

The U.S. DOGE Service is racing to build a single centralized database with vast troves of personal information about millions of U.S. citizens and residents, a campaign that often violates or disregards core privacy and security protections meant to keep such information safe, government workers say.

The team overseen by Elon Musk is collecting data from across the government, sometimes at the urging of low-level aides, according to multiple federal employees and a former DOGE staffer, who all spoke on the condition of anonymity for fear of reprisals. The intensifying effort to unify systems into one central hub aims to advance multiple Trump administration priorities, including finding and deporting undocumented immigrants and rooting out fraud in government payments. And it follows a March executive order to eliminate “information silos” as DOGE tries to streamline operations and cut spending.

At several agencies, DOGE officials have sought to merge databases that had long been kept separate, federal workers said. For example, longtime Musk lieutenant Steve Davis told staffers at the Social Security Administration that they would soon start linking various sources of Social Security data for access and analysis, according to a person briefed on the conversations, with a goal of “joining all data across government.” Davis did not respond to a request for comment.

But DOGE has also sometimes removed protections around sensitive information — on Social Security numbers, birth dates, employment history, disability records, medical documentation and more. In one instance, a website for a new visa program wasn’t set up behind a protective virtual private network as would be customary, according to a Department of Homeland Security employee and records obtained by the Washington Post.

The administration’s moves ramp up the risk of exposing data to hackers and other adversaries, according to security analysts, and experts worry that any breaches could erode public confidence in government. Civil rights advocates and some federal employees also worry that the data assembled under DOGE could be used against political foes or for targeted decisions about funding or basic government services.

“Separation and segmentation is one of the core principles in sound cybersecurity,” said Charles Henderson of security company Coalfire. “Putting all your eggs in one basket means I don’t need to go hunting for them — I can just steal the basket.”

China has increased its hacking in the United States in recent years, breaching major sensitive data collections at OPM, big health insurers and a credit-reporting bureau. Combining such a tempting target with security shortcuts compounds the risk that the nation — or others — will strike again, said Jake Williams, a former National Security Agency hacker who is vice president of Hunter Strategy, a security and technology firm.

“President Trump is leading the charge to modernize the federal government and make it more efficient — and DOGE is playing a critical role in fulfilling that vision,” Fields said. “By advancing secure data-sharing across agencies, DOGE is enhancing accountability, eliminating fraud, and streamlining operations across the board.”

Acting Social Security commissioner Leland Dudek said in a statement the agency has long shared data with other government agencies “to calculate and ensure proper payment of benefits.” Sharing data with DOGE “is a matter of common sense and something the public rightly expects from the federal government to ensure responsible stewardship of taxpayer dollars.”

Among administration critics, however, concerns are piling up.

In April, Rep. Gerry Connolly (Virginia), the top Democrat on the House Oversight Committee, asked the inspector general’s office at Social Security to “immediately investigate” whistleblower concerns about how data is being handled, along with DOGE’s plans for “an unprecedented effort to build a massive database.”

Five DOGE employees at the Department of Health and Human Services can see not only payment and contractor information, but also Medicaid and Medicare recipients’ Social Security numbers, phone numbers and medical diagnoses, according to government records submitted in a lawsuit filed by the AFL-CIO against the Labor Department.

Typically, data sharing within the federal government requires multiple steps. That includes legislative permission, public notices of what the government is doing and “computer matching” agreements between agencies specifying what is to be shared and why. Independent inspectors general also help make sure information is being used appropriately.

“You want people to have the least amount of access that they absolutely need,” said Faith Williams, director of the Effective and Accountable Government Program at the Project on Government Oversight. “So if someone comes in and asks a question, it’s not ‘here’s the master key.’”

Some combinations of data are clearly useful, former officials said. The commission that investigated intelligence failures before the Sept. 11, 2001, terrorist attacks on the World Trade Center and the Pentagon stressed the failures to communicate among intelligence agencies and criminal investigators; in response, Congress created the Department of Homeland Security, in part to merge resources. Still, other attempts to combine sensitive data about Americans were shot down on civil liberties grounds after vigorous public debate.

The current administration and DOGE are bypassing many normal data-sharing processes, according to staffers across 10 federal agencies, who spoke on the condition of anonymity out of fear of retribution. For instance, many agencies are no longer creating records of who accessed or changed information while granting some individuals broader authority over computer systems. DOGE staffers can add new accounts and disable automated tracking logs at several Cabinet departments, employees said. Officials who objected were fired, placed on leave or sidelined.

At times, information sharing is tied to specific policy goals, such as pursuing undocumented immigrants. At one previously unreported meeting early last month, the chief information officers at the Departments of Justice, Defense, Treasury, Commerce and Homeland Security were called together and urged to “optimize data sharing” in the pursuit of Mexican drug cartels, according to an emailed invitation.

Often, DOGE appears to be collecting data for the sake of having it. One former DOGE employee said colleagues would return to headquarters triumphant about databases they had accessed, hauling laptops to a war room in the Eisenhower Executive Office Building where Musk had set up shop. What the data had to offer was sometimes beside the point, the former DOGE employee said.

Reports of DOGE staffers failing to follow protocols meant to protect information span the government.

At the U.S. Digital Service, which was renamed the U.S. DOGE Service in January, new employees arrived with laptops that did not have the security programs typically installed by White House officials. The new team members took their devices to multiple agencies and insisted on access exceeding even that of the host departments’ security teams, according to an Office of Personnel Management employee.

At the FBI, a DOGE team urged staff members to combine four siloed buckets of personnel data as quickly as possible, betraying a lack of understanding about what can safely be accomplished on the agency’s aging systems, the Post reported. The FBI declined to comment.

At U.S. Citizenship and Immigration Services, DOGE told staff members to build a system for sharing data internally about applicants to a new visa program for wealthy immigrants, according to a DHS employee and records obtained by the Post. DOGE wants to use the data, which includes applicants’ addresses, birthdays and emails, for an unusual endpoint, the employee said: a public-facing website DOGE set up for the visas.

At the General Services Administration, political appointees tried to bypass normal safety restraints placed on federal devices, according to two employees who later left. The appointees specifically requested that longtime Tesla employee Thomas Shedd get a federal laptop with its own virtual private network and no security safeguards. (GSA provides administrative and technological support for much of the federal bureaucracy and manages the government’s real estate portfolio.)

Normally, all federal devices would include threat assessment and monitoring programs watched over by IT staff members, the employees said. But Shedd didn’t want any monitoring on his device, according to one of the employees, who said almost a dozen other top political appointees later made the same request.

In a statement, GSA Chief Information Officer David Shive said that Shedd uses a secure government-issued laptop and that “all GSA devices, regardless of user or position, are subject to the agency’s comprehensive cybersecurity protocols.”

Experts say the repercussions of the changes DOGE is pushing now could linger well into the future.