In recent months, the Department of Government Efficiency (DOGE), an initiative spearheaded by Elon Musk under the Trump administration, has come under intense scrutiny for its unprecedented access to sensitive government data. Court documents from over a dozen federal lawsuits, reviewed by NPR and other outlets, paint a troubling picture of an entity that has circumvented privacy laws, security protocols, and standard oversight to gain sweeping access to the personal and financial information of millions of Americans. As of March 31, 2025, these filings reveal a pattern of conflicting explanations, inadequate justification, and potential legal violations that have alarmed judges, privacy advocates, and the public alike.

A Broad and Unprecedented Reach

DOGE, established via executive order to identify “waste, fraud, and abuse” in government operations, has embedded staffers across multiple federal agencies, granting them access to highly sensitive databases. These include the Social Security Administration (SSA), the Treasury Department, the Department of Education, and the Office of Personnel Management (OPM), among others. The data in question encompasses Social Security numbers, bank account details, income records, student loan information, and even health-related data—information typically restricted to a small cadre of trained, vetted employees.

Court filings highlight specific individuals like Akash Bobba, a DOGE staffer with access to SSA’s Master Beneficiary Record, federal student loan data, and OPM’s human resources files—an extraordinary level of clearance that bridges previously compartmentalized systems. Another staffer, Marko Elez, who resigned from the Treasury Department in February 2025 after racist social media posts resurfaced, was later rehired by DOGE and granted access to sensitive systems at the Department of Labor, Health and Human Services (HHS), and the SSA. An audit revealed Elez had emailed a spreadsheet containing personally identifiable information (PII) to General Services Administration officials, raising further concerns about data security.

Legal Challenges and Judicial Rebukes

The breadth of DOGE’s data access has sparked at least 17 lawsuits, many invoking the Privacy Act of 1974, a Watergate-era law designed to limit federal agencies’ ability to share sensitive information without authorization. Plaintiffs, including labor unions, state attorneys general, and privacy groups like the Electronic Privacy Information Center (EPIC), argue that DOGE’s actions constitute a massive breach of privacy and security.

Federal judges have repeatedly expressed skepticism about DOGE’s justification—or lack thereof—for such sweeping access. U.S. District Judge Deborah L. Boardman, in a March 24 ruling, issued a preliminary injunction blocking DOGE from accessing data at the Education Department, Treasury, and OPM, stating that the agencies “likely violated the Privacy Act” by sharing information with DOGE affiliates who “had no need to know” it. Judge Ellen Lipton Hollander, in a separate Maryland case, described DOGE’s access to SSA records as “tantamount to hitting a fly with a sledgehammer,” ordering the destruction of any data already obtained and the removal of installed software.

Judges have noted the government’s inability to articulate a clear purpose for DOGE’s data demands. In a Labor Department lawsuit, Judge John D. Bates pointed to “inconsistencies across their evidence,” while Hollander remarked that the government “never identified even a single reason” for needing unlimited access to SSA’s systems. This lack of specificity has fueled judicial pushback, with courts issuing temporary restraining orders and injunctions to halt DOGE’s activities pending further review.

Security Risks and Procedural Lapses

Beyond legal concerns, court documents expose significant security risks. DOGE staffers, many of whom lack prior government experience or proper training, have reportedly skirted protocols designed to safeguard sensitive data. For instance, Elez’s unauthorized sharing of PII via email underscores a lax approach to access controls. NPR’s review found that agencies rushed to grant DOGE access without documenting the scope of its work or ensuring compliance with privacy standards—a pattern described as “alarming” across filings.

Privacy experts warn that this unchecked access poses risks beyond privacy violations. Alan Butler of EPIC called it “an absolute nightmare,” noting the potential for accidental system disruptions or deliberate misuse. The integration of artificial intelligence (AI) into DOGE’s data analysis, as reported by The Washington Post, amplifies these concerns, with fears that sensitive information could be exposed through AI outputs or exploited for political purposes.

Conflicting Narratives and Accountability Gaps

Perhaps most striking is the inconsistency in DOGE’s own accounts of its operations. Court records show the entity has provided contradictory information about what data it has accessed, who has that access, and why it’s needed. The Trump administration has defended DOGE, arguing that its staffers are authorized under the president’s directive to modernize systems and root out inefficiencies. Yet, this broad mandate has failed to convince courts that such extensive data access is necessary or lawful.

The opacity surrounding DOGE’s structure adds another layer of complexity. It remains unclear whether DOGE operates as a formal agency, a team of detailed employees, or an outside entity, complicating accountability. The administration’s reluctance to label DOGE an “agency”—potentially to avoid obligations under laws like the Freedom of Information Act—has drawn judicial scrutiny, with Judge Bates noting it seems designed to “reap only its benefits” without oversight.

A Growing Public Concern

As lawsuits progress, the revelations from court documents have heightened public and congressional unease. The ACLU has filed FOIA requests with over 40 agencies to uncover the full extent of DOGE’s reach, while lawmakers like Senators Ron Wyden and Jon Ossoff have labeled it a “national security risk.” The resignation of 21 U.S. DOGE Service staffers in February, citing “mishandling sensitive data,” underscores internal dissent.

For now, the courts remain a battleground. While DOGE scored a rare win in February when Judge Bates allowed continued access to data at HHS, the Labor Department, and the Consumer Financial Protection Bureau, most rulings have favored plaintiffs, imposing restrictions and demanding transparency. With appeals pending and discovery ongoing, the full scope of DOGE’s data grab—and its implications—may yet come to light.

In a digital age where personal information is both a resource and a vulnerability, the saga of DOGE raises critical questions about privacy, power, and the balance between efficiency and accountability in government. As Judge Boardman wrote, echoing the Privacy Act’s original intent, “No matter how important or urgent the President’s DOGE agenda may be, federal agencies must execute it in accordance with the law.” The court documents suggest that, so far, they have not.