DOGE Employee Sends Unencrypted Personal Data Over Email, Breaches US Treasury Policies

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity & Streaming Writer

A Department of Government Efficiency (DOGE) employee violated U.S. Treasury protocols by emailing an unencrypted spreadsheet containing sensitive personal information, as confirmed by court filings. 

The incident is part of a broader legal dispute concerning the Trump administration’s access to critical government-held data.

Marko Elez, a former DOGE staffer stationed at the Treasury’s Bureau of Fiscal Services, sent the unencrypted email to two United States General Services Administration officials before resigning in early February. 

US attorneys fear Elez’s replacement will be onboarded similarly.
US attorneys fear Elez’s replacement will be onboarded similarly | Source:US attorneys general respond to DOGE filing

The forensic analysis also revealed that Elez sent an email with a spreadsheet containing PII that detailed a name (a person or an entity), a transaction type, and an amount of money, though specific details remain undisclosed.

Since the names are not accompanied by more specific identifiers, such as social security numbers or birth dates, they are considered low-risk PII.

The chief security and privacy officer at the Treasury Bureau confirmed in court that Elez’s actions deviated from departmental encryption and email approval protocols. 

This breach has spotlighted concerns about internal cybersecurity measures and the oversight of sensitive data within government agencies. A coalition of U.S. attorneys general has filed the lawsuit to curb the dissemination of such data, highlighting risks tied to employees like Elez and the DOGE onboarding process. 

Meanwhile, Elez’s alleged rehire by the Social Security Administration (SSA) on February 18 raises additional concerns. A related court case is now underway to determine whether the DOGE team may access SSA systems containing critical U.S. citizen information.

The ability of high-level administration officials to access unencrypted sensitive data suggests vulnerabilities in adherence to cybersecurity protocols within government operations.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: