A staff member from the Department of Government Efficiency (DOGE) at the U.S. Treasury violated internal policies by sending unencrypted personal information via email. Marko Elez, a DOGE staffer, emailed a spreadsheet containing personally identifiable information to two Trump administration officials before resigning in early February. His resignation followed the surfacing of racist social media posts linked to him, which further fueled the controversy surrounding the incident. The security breach was discovered after Elez left his position at the Treasury.
The details of this breach were revealed in a court filing, where David Ambrose, the chief security officer at the Treasury’s Bureau of Fiscal Services, provided testimony. The filing indicated that a forensic analysis was conducted on Elez’s department-issued laptop following his resignation, including a review of his email account, which confirmed the unapproved email was sent. Although the court filing did not specify the exact nature of the data, it was noted that the personal information shared included names, types of transactions, and monetary amounts.
Ambrose further explained that Elez’s actions were a clear violation of department policies, as the data was not encrypted and was sent without the necessary prior approval. This breach led to concerns raised by a coalition of U.S. attorneys general, who are currently working on a lawsuit to block the Trump administration’s DOGE team from accessing highly sensitive personal and financial data on millions of Americans. The filing from the attorneys general emphasized their concerns about the rushed and chaotic onboarding process of the Treasury DOGE team.
Despite the serious nature of the breach, Elez was rehired on February 18 and now works at the Social Security Administration. A separate federal case is also considering whether to block DOGE’s access to sensitive systems at the Social Security Administration. Elez did not return TechCrunch’s request for comment, and the case continues to unfold as concerns about data security and government oversight grow.
Reference: