DOGE linked to potential Russian, Chinese access to OPM systems, report
Palo Alto: attackers have moved from AI experimentation to AI operationalization, Dragos discovered three new ICS threat groups, European Parliament disabled AI features over cybersecurity concerns, Kenyan authorities used Cellebrite on human rights activist's phone, much more
A report issued last week by Democrats on the House Committee on Oversight and Government Reform delivers a damning recounting of the varied ways Elon Musk’s Department of Government Efficiency (DOGE) violated cybersecurity protocols across nearly every executive branch agency — all while dismantling internal security expertise and misleading agency leaders about the damage it was causing.
“DOGE illegally deployed systems and forcefully accessed data across federal agencies in clear violation of federal privacy and cybersecurity laws, putting Americans’ data and civil liberties at risk,” the report states.
The document, titled Breaking Government: How DOGE and Trump Cost Taxpayers, Federal Workers, and Public Services, goes beyond procedural failures and raises explicit national security concerns.
Most sensationally, the report says that, according to communications shared with Democratic committee staff, experts identified evidence raising concerns about potential Russian and Chinese access to Office of Personnel Management (OPM) servers shortly after DOGE created a government-wide infrastructure to distribute Musk’s infamous “Fork in the Road” email across federal agencies.
At the time that system was deployed, House Committee Democrats warned that “DOGE employees flouted cybersecurity, privacy, and procurement laws to stand up this capability and exposed employees across a wide variety of agencies to spear-phishing and social engineering cyberattacks.”
Separately, committee staff also learned that “DOGE employees lowered all firewall protections at OPM to enable the exfiltration of data for use outside of a government environment,” according to the report.
“Each of these instances raises serious questions about national security,” the report concludes, noting that OPM holds highly sensitive personnel and operational data that adversarial state and non-state actors could exploit for leverage over federal employees or to infiltrate other government systems.
As the report characterizes it, DOGE employees — many who are and were very young workers with connections to Musk or his companies — “brought with them dubious software engineering and cybersecurity practices that may have exposed millions of Americans’ personal information to criminals and foreign governments.”
Beyond the OPM allegations — which appear not to have been publicly reported this way before — the report documents a series of additional whistleblower disclosures that, taken together, suggest systemic risk rather than isolated cybersecurity lapses.
The rest of today's issue is available only to paid subscribers. Please consider upgrading your subscription to gain access to not only this issue but our archives and other special reports.
Metacurity goes beyond the usual infosec news echo chamber, highlighting what’s real, overlooked, and often missed by traditional outlets. Please consider supporting our work by upgrading your subscription. Thank you!
