It started with a single, frantic email. Daniel Berulis, a cybersecurity specialist at the National Labor Relations Board, stared at his screen as a warning flashed: Unusual data movement detected. 10+ gigabytes exfiltrated. Access logs deleted. No trace of who did it. He wasn’t just seeing a glitch—he was witnessing the first tremor of what insiders now call the DOGE breach, a scandal that could expose millions of Americans to identity theft, foreign espionage, and a government in chaos.
DOGE—the Department of Government Efficiency—wasn’t a household name until early 2025. Created by President Trump and led by Elon Musk, its mission was simple: cut waste, slash budgets, and fire federal workers. But behind the headlines, a darker story unfolded. Whistleblowers from the NLRB, Social Security Administration, and other agencies began to speak out, painting a picture of a rogue tech squad with unchecked access to the nation’s most sensitive data.
The Day the Data Vanished
At the NLRB, Berulis watched as DOGE engineers disabled security tools, wiped access logs, and installed software eerily similar to what cybercriminals use to evade detection. “It was like watching a burglar disable the alarm system before stealing the safe,” Berulis later told Congress. He saw data—personal records, internal communications, even classified documents—being moved off agency servers, but with no way to track where it went. “That kind of spike is extremely unusual,” he said. “Data almost never directly leaves NLRB’s databases.”
At the Social Security Administration, chief data officer Charles Borges discovered something even more alarming: DOGE had copied the agency’s master database—the one containing every Social Security number ever issued—to a vulnerable cloud server. No security monitoring. No oversight. Just a massive, unsecured copy of America’s most sensitive personal data, sitting in the digital open.
How the Breach Happened
The attack vector was simple: access. DOGE was given full, unfettered entry to agency systems, with orders from the top to “assist them when they asked” and “stay out of their way.” Once inside, they used tools to disable monitoring, create new accounts, and move data. At the NLRB, one such tool generated fake IP addresses, making it nearly impossible to trace who was logging in or where the data was going. At the SSA, they uploaded the database to a cloud environment with weak security, leaving it exposed to hackers.
Experts say this is a classic “insider threat”—when someone with legitimate access abuses their privileges. “It’s not about hacking through firewalls,” says Dr. Elena Torres, a cybersecurity analyst at MIT. “It’s about trust. And DOGE exploited that trust to the maximum.”
The Human Cost
Imagine Sarah, a single mother in Ohio, checking her bank account and finding it drained. Or James, a retiree in Florida, suddenly denied his Social Security benefits. These aren’t hypotheticals. Whistleblowers warn that if bad actors gain access to the exposed data, millions could face identity theft, financial ruin, or loss of vital government services. “Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft,” Borges warned in his complaint.
The Fallout
Government agencies scrambled to respond. The NLRB denied the allegations, claiming DOGE was never given access to agency data. The SSA said its data was “stored in secure environments” and “walled off from the internet.” But whistleblowers and watchdog groups aren’t convinced. “This opens up the possibility that even more data was exfiltrated,” Berulis said. “Regardless, the damage is done.”
Congress launched investigations. Representative Gerald Connolly called DOGE’s actions “technological malfeasance and illegal activity.” Lawsuits piled up, accusing DOGE of violating privacy laws and creating conflicts of interest. And the public? They’re left wondering: Who’s really protecting their data?
What’s Next
The DOGE scandal isn’t just about one breach. It’s about a system that allowed a secretive, unaccountable group to access the nation’s most sensitive information. As agencies scramble to patch holes and restore trust, the question remains: Could it happen again? With Musk’s companies facing enforcement actions and DOGE’s mandate still unclear, the answer isn’t reassuring.
Provocative Question:
If a government efficiency squad can expose millions to identity theft, who’s really watching the watchers?
FAQ
Q: What is the DOGE data breach?
A: The DOGE data breach refers to incidents where members of the Department of Government Efficiency (DOGE) allegedly accessed, copied, and exposed sensitive government data, including Social Security records and NLRB files, leading to potential identity theft and national security risks.
Q: How did the DOGE breach happen?
A: DOGE members were given full access to agency systems, where they disabled security tools, deleted logs, and moved data to vulnerable servers, exploiting insider privileges.
Q: What kind of data was exposed?
A: The exposed data includes Social Security numbers, personal records, internal communications, and other sensitive government information.
Q: What are the risks of the DOGE breach?
A: Risks include identity theft, financial fraud, loss of government benefits, and potential foreign espionage.
Q: What’s being done to prevent future breaches?
A: Congress has launched investigations, agencies are reviewing security protocols, and lawsuits are underway to hold DOGE accountable.
Q: Can I check if my data was affected?
A: There’s no public database, but affected individuals may be notified by government agencies if their data was compromised.
Q: What is an insider threat?
A: An insider threat is when someone with legitimate access to a system abuses their privileges to steal or expose data.