Rep. Stansbury, Sen. Warren Demand Answers After DOGE Website Issues Raise National Security Concerns
DOGE employees may be sharing classified government information using insecure communications channels
WASHINGTON, D.C. –Rep. Melanie Stansbury (NM-01), Ranking Member of the DOGE Oversight Subcommittee, co-led a letter with U.S. Senator Elizabeth Warren (D-MA) demanding answers after two incidents in security failures of the DOGE.gov website, and reports that DOGE employees shared sensitive government information over insecure communications channels.
Rep. Stansbury and Sen. Warren were joined by Rep. Gerry Connolly (VA-11), Ranking Member of the House Oversight Committee, Del. Eleanor Homes Norton (D-DC), Rep. Stephen Lynch (MA-08), Rep. Robert Garcia (CA-42), Rep. Greg Casar (TX-35), and Rep. Jasmine Crockett (TX-30).
“These incidents – whether due to maliciousness or incompetence – are inexcusable and raise additional questions about DOGE employees’ access to highly sensitive personal and national security information, and what they are doing with it,” wrote the lawmakers.
DOGE has seized access to highly confidential government and personal information, including tax, Medicare, Social Security, and national security data, which has already led to multiple lawsuits. In just a matter of three weeks, DOGE employees have fed sensitive data into artificial intelligence software, ordered an unauthorized email server to be connected to the government network, and have accidentally been given “write” access to the U.S. Treasury payment system.
“DOGE employees do not appear to fully understand much of the information to which they have been given unfettered access, and given the cavalier and incompetent ways that they have handled this data, these individuals represent a clear threat to national security and the nation’s economy,” continued the lawmakers.
Two researchers confirmed the website was not hosted on secure government servers leaving it vulnerable to hacks by third parties.
“These examples of DOGE’s recklessness and inability to accomplish simple tasks – such as establishing a secure database and website housing such critical and confidential government data – combined with its broad access to government data and systems, poses a grave threat to the United States’ economy and national security,” wrote the lawmakers.
The lawmakers are requesting answers from Mr. Musk by March 6, 2025.
The full letter is below:
Mr. Musk,
We write regarding two recent reports of alarming security failures associated with the new DOGE.gov website and Department of Government Efficiency (DOGE) employees sharing controlled government information using insecure communications channels. These incidents – whether due to maliciousness or incompetence – are inexcusable and raise additional questions about DOGE employees’ access to highly sensitive personal and national security information, and what they are doing with it.
The sheer breadth of highly confidential government and personal information that DOGE employees have accessed, including tax, Medicare, Social Security, and national security data, has the potential to unleash a “national security nightmare,” and has led to multiple lawsuits already. DOGE employees have proven to be entirely unequipped to handle this access. In just a matter of three weeks, DOGE employees have fed sensitive data into artificial intelligence software, ordered an unauthorized email server to be connected to the government network, have accidentally been given “write” access to the U.S. Treasury payment system. Just days ago, DOGE recommendations led to the Trump administration firing hundreds of employees at the National Nuclear Safety Administration, which safeguards our nation’s nuclear weapons, before apparently realizing their importance and frantically recalling them. DOGE employees do not appear to fully understand much of the information to which they have been given unfettered access, and given the cavalier and incompetent ways that they have handled this data, these individuals represent a clear threat to national security and the nation’s economy.
The DOGE.gov website launched on February 12, 2025, with features which allow users to “trace your tax dollars through the bureaucracy,” and containing information regarding federal agencies, including their head counts, budgets, and average ages of employees. Immediately after it was launched, two security researchers confirmed that the website was not hosted on secure government servers, making it especially vulnerable to third-party hackers. In fact, it appears that DOGE.gov was pulling from a database which could be written to and changed by third parties – changes which then presented on the live website. One security researcher reported that they were able to push updates to DOGE.gov after studying the website’s architecture. Experts indicated that the website was “completely slapped together” with “tons of errors and details leaked in the page source code.”
A disclaimer on the DOGE.gov website indicated that the database excluded data regarding U.S. intelligence agencies. However, details on the National Reconnaissance Office (NRO), which designs and builds U.S. intelligence satellites, were searchable within the database. Both the NRO’s budget and head count are considered to be controlled information and should not have been published to the public, “because foreign adversaries could use it to extrapolate how much the U.S. is prioritizing certain intelligence activities.” This incident left federal intelligence employees “scrambling” to see if their sensitive information had been accessed.
These are not the only recent incidents in which, due to Trump administration actions, sensitive national security information may have been inadvertently disclosed. In the first week of February, officials sent an unclassified email from the C.I.A. to the Trump administration with the names of employees hired at the agency within the last two years. These examples of DOGE’s recklessness and inability to accomplish simple tasks – such as establishing a secure database and website housing critical and confidential government data – combined with its broad access to government data and systems, pose a grave threat to the United States’ economy and national security.
As one cybersecurity expert summarized:
In this case, external operators with limited experience and minimal oversight are doing their work in plain sight and under massive public scrutiny: gaining the highest levels of administrative access and making changes to the United States’ most sensitive networks, potentially introducing new security vulnerabilities in the process. But the most alarming aspect isn’t just the access being granted. It’s the systematic dismantling of security measures that would detect and prevent misuse —including standard incident response protocols, auditing, and change-tracking mechanisms—by removing the career officials in charge of those security measures and replacing them with inexperienced operators…. The implications for national security are staggering.
In order to better understand how DOGE is allowing such catastrophic privacy and security failures, we ask that you answer the following questions before March 6, 2025:
1. Who is responsible for establishing and enforcing security protocols related to the DOGE.gov?
2. What are the specific security protocols you have in place for:
a. Individuals accessing government data and systems.
b. The DOGE.gov website.
c. Other DOGE communications, including communications within DOGE, with
other government entities, and with outside entities.
3. What is the security clearance process for DOGE employees?
4. What procedures are in place in case of a security breach at DOGE or with the
DOGE.gov website?
5. In addition to the incidents listed above, have there been other breaches of confidential or national security data associated with DOGE’s work or the DOGE.gov website? If so, please provide a list of all such incidents, and provide them in a confidential and secure fashion.
###