One of the most alarming issues is their reported access to the Treasury’s payment system, which manages trillions in federal expenditures, including Social Security and Medicare. Additionally, federal employees have filed lawsuits over an unapproved private server installed within the Office of Personnel Management (OPM), which stores highly sensitive personnel records.
Despite White House assurances that DOGE employees have only “read-only” access, reports indicate that a former Musk employee has been granted administrative privileges. Lawmakers, including Sen. Elizabeth Warren, are demanding answers about these security risks.
Cybersecurity experts warn that these actions may breach federal laws such as FISMA and could create vulnerabilities that cybercriminals could exploit. With concerns about unvetted infrastructure, unauthorized data access, and potential long-term security risks, the situation is being compared to a large-scale data breach with lasting implications.
Federal employees face legal dilemmas, as sharing restricted information without authorization is a felony under the E-Government Act. Some workers resisting these changes have reportedly been placed on administrative leave or fired. Experts warn that dismantling security oversight in critical agencies like OPM and the Treasury could lead to serious disruptions in federal operations.
As scrutiny over DOGE’s role intensifies, cybersecurity professionals caution that restoring trust in these systems will require significant resources and oversight. The unfolding events underscore the need for transparency, accountability, and strict adherence to federal cybersecurity laws.
Source: CyberScoop
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities. To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try yourself using check.website.