Government

DOGE staffer violated security policies at Treasury Department, court filing shows

The filing was part of a case brought by state attorneys general seeking to block DOGE access to sensitive information.

March 17, 2025

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

A demonstrator holds up a sign during a rally in front of the U.S. Treasury Department in protest of Elon Musk and the Department of Government Efficiency on Feb. 4. (Photo by Anna Rose Layden/Getty Images)

A staffer for the Department of Government Efficiency (DOGE) violated security policies at the Treasury Department by improperly sharing sensitive personal information outside the agency, according to a court filing.

The filing last week came in a case state attorneys general brought against President Donald Trump and Treasury Secretary Scott Bessent challenging DOGE access to Treasury records.

DOGE staffer Marko Elez, who resigned in February after racist social media posts surfaced, shared personally identifiable information in a spreadsheet with two General Services Administration officials, according to the filing from David Ambrose, named as the “Chief Security Officer/Chief Privacy Officer/Acting Chief Information Security Officer” at Treasury’s Bureau of the Fiscal Service (BFS).

“The names in the spreadsheet are considered low risk PII because the names are not accompanied by more specific identifiers, such as social security numbers or birth dates,” Ambrose wrote. “Elez’s distribution of this spreadsheet was contrary to BFS policies, in that it was not sent encrypted, and he did not obtain prior approval of the transmission” as required, he said.

Ambrose’s declaration was one of two filed by the defense, but the state attorneys general didn’t find them to be convincing evidence of careful security.

“Plaintiffs have quickly reviewed the contents of these declarations and they do nothing to allay any of the concerns expressed by the Court in its Opinion about the rushed and chaotic nature of the Treasury DOGE Team onboarding process,” they wrote in response. “Rather, these new declarations confirm that the Court’s concerns were well founded.”

DOGE staffer Ryan Wunderly took Elez’s place at Treasury. The plaintiffs insisted that adequate security safeguards still aren’t in place.

“Defendants provide no specific description of what Wunderly’s job duties will be or who will provide day-to-day supervision over Wunderly and the other Treasury DOGE Team members, nor do Defendants clarify the reporting lines for the Treasury DOGE Team members, which the Court found creates uncertainty over their employment status and authority to access Treasury systems,” they wrote.

More broadly, the actions of DOGE have raised concerns with cybersecurity experts who view the activity as, functionally, a data breach.

DOGE staffer violated security policies at Treasury Department, court filing shows

More Like This

Water utilities would get cybersecurity boost under bipartisan Senate bill

Legislative push for child online safety runs afoul of encryption advocates (again)

Amid personnel turmoil at cyber agencies, a government shutdown could increase potential harm

Top Stories

Cloudflare rolls out post-quantum encryption for enterprise users

Who is sending those scammy text messages about unpaid tolls?

Latest Podcasts

Emily Crose on the government’s long history with hackers

Discover’s Sunil Mallik on the ever-changing roles of the CISO

Red Hat’s Adam Clater on navigating zero trust’s unknowns

Chainguard’s Dan Lorenc on the next decade of software supply chain security

Government

Technology

Threats

Policy