DOGE Employee Sends Unencrypted Personal Data Over Email, Breaches US Treasury Policies

• A Department of Government Efficiency staffer went against protocol by emailing sensitive data without encryption.
• The individual overlooked the training and shared a PII spreadsheet with two Trump administration officials.
• The breach was revealed through a forensic investigation of his departmental laptop, conducted shortly after he resigned.

A Department of Government Efficiency (DOGE) employee violated U.S. Treasury protocols by emailing an unencrypted spreadsheet containing sensitive personal information, as confirmed by court filings. 

The incident is part of a broader legal dispute concerning the Trump administration’s access to critical government-held data.

Marko Elez, a former DOGE staffer stationed at the Treasury’s Bureau of Fiscal Services, sent the unencrypted email to two United States General Services Administration officials before resigning in early February. 

The forensic analysis also revealed that Elez sent an email with a spreadsheet containing PII that detailed a name (a person or an entity), a transaction type, and an amount of money, though specific details remain undisclosed.

Since the names are not accompanied by more specific identifiers, such as social security numbers or birth dates, they are considered low-risk PII.

The chief security and privacy officer at the Treasury Bureau confirmed in court that Elez’s actions deviated from departmental encryption and email approval protocols. 

This breach has spotlighted concerns about internal cybersecurity measures and the oversight of sensitive data within government agencies. A coalition of U.S. attorneys general has filed the lawsuit to curb the dissemination of such data, highlighting risks tied to employees like Elez and the DOGE onboarding process. 

Meanwhile, Elez’s alleged rehire by the Social Security Administration (SSA) on February 18 raises additional concerns. A related court case is now underway to determine whether the DOGE team may access SSA systems containing critical U.S. citizen information.

The ability of high-level administration officials to access unencrypted sensitive data suggests vulnerabilities in adherence to cybersecurity protocols within government operations.