Cloudflare, U.S. Department of Justice and Social Security Administration: DOGE might have misused Social Security data, Trump administration admits

DOGE Employees Under Scrutiny for Alleged Election Interference and Data Misuse

The U.S. Department of Justice (DOJ) has revealed in a court filing that members of Elon Musk’s "DOGE" team at the Social Security Administration (SSA) engaged in undisclosed communications with an unnamed advocacy group aiming to overturn election results in certain states. The interactions allegedly included a signed agreement that may have involved matching Social Security data with state voter rolls a potential violation of federal privacy laws.

The DOGE employees have been referred for possible Hatch Act violations, which bars government officials from using their positions for political activities. According to DOJ officials, the advocacy group approached the SSA team with a request to analyze voter rolls for evidence of fraud, though the exact states targeted remain unspecified.

Further concerns arose over the unauthorized use of third-party servers, including Cloudflare, to handle sensitive data contrary to a court ruling restricting access to such information. A senior adviser to Musk and the DOGE team, Steve Davis, was reportedly copied on a March 3, 2025, email containing a password-protected file with the private data of approximately 1,000 individuals from SSA systems. It remains unclear whether the data was accessed or exploited.

The DOJ stated that no evidence suggests broader SSA awareness of the communications or the "Voter Data Agreement" beyond the involved DOGE members. The investigation is ongoing, with no further details on potential legal consequences or the advocacy group’s identity.

Source: https://www.techradar.com/pro/security/doge-might-have-misused-social-security-data-trump-administration-admits

Cloudflare cybersecurity rating report: https://www.rankiteo.com/company/cloudflare

U.S. Department of Justice cybersecurity rating report: https://www.rankiteo.com/company/usdoj

Social Security Administration cybersecurity rating report: https://www.rankiteo.com/company/ssa

"id": "CLOUSDSSA1769016836",
"linkid": "cloudflare, usdoj, ssa",
"type": "Cyber Attack",
"date": "3/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'customers_affected': '~1,000 individuals',
                        'industry': 'Public Sector',
                        'location': 'United States',
                        'name': 'Social Security Administration (SSA)',
                        'size': 'Large',
                        'type': 'Government Agency'}],
 'attack_vector': 'Insider Threat, Unauthorized Data Sharing',
 'data_breach': {'data_encryption': 'Password-protected file',
                 'number_of_records_exposed': '~1,000',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Social Security data, Voter '
                                             'rolls, Personally identifiable '
                                             'information (PII)'},
 'date_publicly_disclosed': '2025-03-03',
 'description': 'The U.S. Department of Justice (DOJ) revealed that members of '
                "Elon Musk’s 'DOGE' team at the Social Security Administration "
                '(SSA) engaged in undisclosed communications with an advocacy '
                'group to overturn election results, potentially violating '
                'federal privacy laws by matching Social Security data with '
                'state voter rolls. The incident also involved unauthorized '
                'use of third-party servers and unauthorized sharing of '
                'sensitive data.',
 'impact': {'brand_reputation_impact': 'High (SSA and DOGE team)',
            'data_compromised': 'Social Security data, Voter rolls, Private '
                                'data of ~1,000 individuals',
            'identity_theft_risk': 'High (exposure of private data)',
            'legal_liabilities': 'Potential Hatch Act violations, Privacy law '
                                 'violations',
            'operational_impact': 'Potential legal and regulatory scrutiny, '
                                  'Reputational damage to SSA',
            'systems_affected': 'SSA systems, Third-party servers '
                                '(Cloudflare)'},
 'investigation_status': 'Ongoing',
 'motivation': 'Political interference, Election fraud investigation',
 'post_incident_analysis': {'root_causes': 'Insider threat, Lack of oversight '
                                           'on data sharing, Unauthorized '
                                           'third-party server usage'},
 'references': [{'source': 'U.S. Department of Justice (DOJ) court filing'}],
 'regulatory_compliance': {'legal_actions': 'Potential (DOJ investigation '
                                            'ongoing)',
                           'regulations_violated': ['Hatch Act',
                                                    'Federal privacy laws']},
 'response': {'law_enforcement_notified': 'Yes (DOJ investigation)'},
 'threat_actor': 'DOGE team members (insiders), Unnamed advocacy group',
 'title': 'DOGE Employees Alleged Election Interference and Data Misuse',
 'type': 'Data Misuse, Election Interference, Unauthorized Data Access',
 'vulnerability_exploited': 'Lack of access controls, Unauthorized third-party '
                            'server usage'}