What did DOGE actually access in US government systems?

DOGE personnel gained access to systems at the Social Security Administration (SSA), Treasury Department, Office of Personnel Management (OPM), Department of Education, and the National Labor Relations Board (NLRB). The most serious confirmed incident: DOGE employees transferred a live copy of the entire SSA database — containing data on approximately 280 million Americans — to a cloud server without independent security controls. At NLRB, DOGE personnel disabled audit logging before accessing sensitive union case files and trade secrets.

Was the DOGE government database access legal?

The legal status is contested and actively being litigated. The Supreme Court temporarily cleared DOGE to access SSA data in January 2026 by lifting a lower court injunction. However, what DOGE employees did with that access — including matching SSA data with voter rolls and transferring databases to external servers — is the subject of separate legal proceedings. Courts have moved to revoke DOGE access to Treasury payment systems. The NLRB Inspector General has opened a formal investigation.

Why were US government systems so easy to access?

Several compounding factors: (1) Core systems like SSA run on legacy COBOL mainframe architecture from the 1960s-80s, not designed for modern access controls. (2) Privileged Access Management (PAM) and Zero Trust architecture are inconsistently deployed across agencies. (3) Audit logging is inadequate or disabled on many systems. (4) The outsider threat model that shaped most government security controls does not account for politically authorised insiders with high-level backing. These are not unique to government — they are endemic security gaps across many large organisations.

What is the NLRB whistleblower situation with DOGE?

An IT professional at the National Labor Relations Board (NLRB) filed a whistleblower complaint claiming DOGE personnel demanded the highest level of system access and then directed staff to disable audit logging on the NxGen case management system. This system contains sensitive union case files, witness testimony, and trade secrets from companies under NLRB investigation. The whistleblower subsequently received physical threats including threatening notes on his door with his personal information, and reported drone surveillance of his property. The NLRB Inspector General opened a formal investigation.

What can organisations learn from the DOGE security incidents?

Key lessons: (1) Insider threat is as dangerous as external attack — design your access controls accordingly. (2) Audit logs must be immutable and shipped to independently controlled storage that the source system cannot modify. (3) Data egress monitoring should alert on bulk exports to external destinations. (4) Privileged Access Management (PAM) with tight scoping and just-in-time access reduces the blast radius of any credential misuse. (5) Encryption at rest ensures that even successfully exfiltrated data is not immediately usable without the key.

Security Tech Industry Career

DOGE Got Inside America's Most Critical Databases — The Technical Reality Is Worse Than the Headlines

Abhishek Gautam·March 4, 2026·13 min read

Quick summary

DOGE transferred a live copy of the entire US Social Security database to an unsecured cloud server, accessed Treasury payment systems, and disabled security tracking at the NLRB. Here is what actually happened technically and what it means for everyone who builds systems.

The headlines called it "DOGE accessing government databases." That language undersells what actually happened. A small group of political appointees — many with no security clearance — got root-level access to the information systems of the United States Social Security Administration, the Treasury Department, the Office of Personnel Management, the Department of Education, and the National Labor Relations Board. In at least one confirmed case, they transferred a live copy of the Social Security database to a cloud server with no independent security controls.

For everyone who builds systems for a living, the DOGE government database story is not primarily a political story. It is a case study in how legacy systems get compromised, what insider threats look like at scale, and why federal IT infrastructure is years behind where it needs to be.

Here is what actually happened, technically, and why it matters beyond Washington DC.

The Social Security Administration: A Live Database Transfer

The most alarming single technical incident: DOGE employees at the Social Security Administration transferred a live copy of the entire SSA database to a cloud server that lacked independent security controls. This was not a backup. This was a live mirror of the database that contains the Social Security numbers, earnings records, disability status, bank account information for direct deposits, and personal details of approximately 280 million Americans.

The transfer was done without notification to SSA leadership. It was discovered after the fact by SSA career staff. Two of the DOGE employees involved in the SSA operation were subsequently found to have been using their SSA database access to match Social Security records against state voter rolls — an action with no legitimate federal administrative purpose.

The Supreme Court, in January 2026, cleared DOGE to continue accessing SSA data by temporarily lifting an injunction from a Maryland federal district court. That ruling was narrow — it did not rule on the legality of what was done with the data, only on whether access could continue pending further proceedings.

Technical dimensions of the SSA breach:

SSA runs on some of the oldest mainframe infrastructure in the US government. The core system, built on IBM z/OS, was designed in an era when network connectivity was limited and physical security was the primary control. It was never designed to be mirrored to cloud infrastructure. The transfer required:

Bypassing SSA data governance controls
Using credentials with elevated privileges — credentials that should not have existed outside of a carefully controlled provisioning process
Moving data to storage infrastructure not subject to FedRAMP (Federal Risk and Authorization Management Program) controls
No data-at-rest encryption on the destination server per reports from career IT staff

If this had happened at a private company, it would trigger mandatory breach notification under HIPAA, PCI-DSS, or state data protection laws. The SSA is not subject to the same mandatory disclosure requirements.

The NLRB: Disabled Audit Trails and a Whistleblower Under Drone Surveillance

The National Labor Relations Board case is more technically specific — and in some ways more disturbing — because of a detailed whistleblower account from an IT professional inside the agency.

According to the whistleblower, DOGE personnel arrived at NLRB and demanded the "highest level of access" to agency systems. They then directed IT staff to disable audit logging on the NxGen case management system — the system that contains:

Union case files with personal information about union members
Witness testimony in ongoing labour disputes
Trade secrets and proprietary company information from companies under NLRB investigation
Confidential communications between parties in active cases

Disabling audit logging is significant: it means there is no record of what data was accessed, copied, or exfiltrated. In security terms, you cannot detect a breach you have no logs for.

The whistleblower subsequently received physical threats. Someone taped threatening notes to his door with his personal information printed on them, and he reported being surveilled by a drone over his property. The NLRB Inspector General has opened a formal investigation.

Treasury, OPM, and Education: The Pattern

The SSA and NLRB incidents are the most documented, but DOGE also gained access to:

Treasury Department payment systems: DOGE personnel accessed systems used to process government payments, including foreign aid disbursements (USAID), Social Security direct deposits, and federal contractor payments. Courts have since moved to revoke this access, citing security concerns.

Office of Personnel Management (OPM): OPM holds the personnel files of every current and former federal employee, including security clearance applications (SF-86 forms) which contain the most sensitive personal information that exists — family members, finances, foreign contacts, mental health history, past drug use. OPM was already breached by Chinese hackers in 2015 in what was described as the worst counterintelligence disaster in US history. DOGE accessed OPM systems in early 2026.

Department of Education: Student loan data, FAFSA applications, and enrollment records for tens of millions of Americans.

The pattern across all these incidents: escalated privileges obtained quickly, limited audit trails, data accessed for purposes outside normal agency operations, and career IT staff who raised concerns being either ignored or removed.

Why Government Systems Are This Vulnerable

Understanding how this happened technically requires understanding the state of US government IT infrastructure.

The COBOL problem: A significant portion of US government core systems still runs on COBOL mainframe code written in the 1960s through 1980s. The SSA estimated in 2020 that it had 60 million lines of COBOL. These systems were designed for a world of physical terminals in secure facilities, not networked access from third-party cloud infrastructure. Bolting modern access controls onto 1970s-era architecture is genuinely hard — it was never designed for role-based access control, OAuth, or modern identity management.

The contractor problem: Most of the people who understand these legacy systems are not government employees. They are contractors, often working for large systems integrators (Booz Allen Hamilton, Leidos, SAIC, CACI). When a new political team arrives demanding access, the career civil servants and contractors who manage these systems are in an impossible position: refuse an order from a political appointee and risk termination, or comply and potentially violate security protocols.

The clearance problem: Standard security practice would require DOGE personnel operating in these systems to have security clearances appropriate to the classification level of the data they access. Reports indicate many DOGE personnel lacked appropriate clearances or had provisional clearances that should not have granted access to production systems with live citizen data.

The logging problem: Many legacy government systems have primitive or no real-time audit logging. The concept of a Security Information and Event Management (SIEM) system that correlates access logs across multiple agency systems is aspirational rather than operational in much of the federal government. The 2015 OPM breach went undetected for over a year partly because of inadequate logging.

What This Looks Like From a Security Engineering Perspective

DOGE accessing government systems is not a unique technical vulnerability. It is a well-documented class of threat: insider threat via privileged access.

The security industry has spent decades developing controls specifically for this:

Privileged Access Management (PAM): Tools like CyberArk, BeyondTrust, and Delinea exist to enforce least-privilege access, require justification for elevated credential use, and maintain immutable audit trails. Government adoption is inconsistent.

Zero Trust Architecture: The premise that no user, even with credentials, should be trusted implicitly — access should be continuously verified, scoped tightly to the task, and fully logged. CISA has been pushing federal agencies toward Zero Trust since 2021. Implementation is years behind the timeline.

Data Loss Prevention (DLP): Systems that detect and block unusual data movement — like a bulk database transfer to an external server. Should have caught the SSA database mirror. Did not, which suggests either DLP was not deployed or was bypassed by the credential level used.

Immutable audit logs: Logs that cannot be disabled or deleted even by privileged users. If NLRB had immutable audit trails, DOGE could not have disabled logging. This is achievable with write-once storage — it is a solved problem. It is just not deployed everywhere.

What This Means for Private Sector Security Teams

If you run security for a company or build systems that handle sensitive data, the DOGE story surfaces questions that apply to your organisation:

Who can access your most sensitive data, and how do you know?

Most organisations have multiple engineers, DBAs, and cloud administrators with the ability to access production databases containing customer PII. The question is not whether this access exists — it needs to exist for operations. The question is whether every access event is logged, reviewed, and alertable.

Can your audit logs be disabled?

If an insider can disable audit logging before exfiltrating data, you have no forensic trail. Write-only log destinations (a log sink that only appends, never overwrites) are a minimum. Shipping logs in real-time to a separate, independently controlled system that the target system cannot write back to is better.

What happens when credentials are shared?

The DOGE situation involved individuals using credentials either issued to them improperly or shared by others. Credential sharing is endemic in organisations with poor PAM controls. Every human action on a production system should be attributable to a specific person, not a shared service account.

Do you have data egress monitoring?

Detecting "large bulk export to external storage" should be a high-priority alert in any data-sensitive system. Cloud DLP services from AWS, Google, and Azure can do this. They need to be configured and monitored.

Is your most sensitive data actually encrypted?

The reports suggest the SSA database copy was transferred without encryption at rest. If your most sensitive database was copied to external storage tomorrow, would the attacker have plaintext data or ciphertext requiring a key they do not have?

The Broader Precedent

Beyond the specific incidents, the DOGE case establishes a precedent with long-term implications. It demonstrates that political authority, exercised quickly and with enough institutional cover, can override technical access controls in government systems designed with the assumption that bad actors would be outsiders.

The assumption that "insider" means a rogue employee acting alone is outdated. An organised group of politically motivated insiders with top-level backing can bypass controls that were designed to stop individual unauthorised access.

This is not a partisan observation. The same organisational vulnerability exists regardless of which party holds executive power. Federal IT systems are currently designed to be more resistant to external hackers than to well-resourced insiders with administrative cover. That is a design flaw.

For those of us who build systems: the government scenario is the extreme version of a risk that exists in every organisation. The controls exist. They are just not deployed or enforced universally. The DOGE incidents are an argument for treating insider threat mitigation as a first-class security requirement, not an afterthought.

---

The Social Security database that was transferred to that unsecured cloud server contains your information if you are one of the 280 million Americans in it. It may contain your information if you have paid into the US Social Security system from another country. The technical failures that allowed it to happen are not unique to government — they are endemic across organisations that have not prioritised insider threat controls. Understanding them is the first step to not replicating them.