Sen. Gary Peters, D-Mich., alleged in a report released Thursday that officials from the Department of Government Efficiency (DOGE) risked Americans’ personal data by uploading sensitive information to the cloud without proper safeguards or oversight.
The report is the result of a months-long investigation led by Peters and Democratic staffers on the Senate Homeland Security and Governmental Affairs Committee.
After multiple formal requests for DOGE-related information were ignored, Peters directed oversight visits to key federal agencies where DOGE personnel are embedded: the Social Security Administration (SSA), the General Services Administration (GSA), and the Office of Personnel Management (OPM).
Over the course of six months, committee staff conducted in-person reviews and interviews to assess DOGE’s influence and operations within these agencies.
Peters’ report alleges that “DOGE staff … copied Americans’ sensitive Social Security and employment data into a cloud database without any verified security controls, likely a serious violation of cybersecurity and privacy laws that puts the information at risk of being stolen by cybercriminals.”
Specifically, during site visits to SSA and OPM, staff received information about DOGE security practices that conflicted with whistleblower accounts, public reporting, and court filings. At GSA, senior officials were unable to confirm whether DOGE personnel were following required privacy and cybersecurity policies.
Additionally, according to the report, DOGE’s actions may breach multiple provisions of the Privacy Act of 1974 and the E-Government Act of 2002, particularly in how data is protected and shared across agencies.
At SSA, in particular, staff warned that DOGE’s handling of cloud-based data could expose the sensitive information of nearly every American to serious and possibly irreparable risk – even potentially opening it to private companies.
“They are bypassing cybersecurity protections, evading oversight, and putting Americans’ personal data at risk. We cannot allow this shadow operation to continue operating unchecked while millions of people face the threat of identity theft, economic disruption, and permanent harm,” Peters said in a statement following the release of the report. “The Trump Administration and agency leadership must immediately put a stop to these reckless actions that risk causing unprecedented chaos in Americans’ daily lives.”
Committee staff issued a series of urgent recommendations aimed at curbing DOGE’s unchecked access to sensitive federal data.
Chief among them is an immediate shutdown of the cloud environment created by DOGE personnel at SSA to handle NUMIDENT data – a database containing sensitive personal information on nearly all Americans. Staff warned that this system poses an extraordinary risk to data privacy and called for a full audit to determine whether any breaches or manipulation occurred.
They also recommended revoking DOGE’s access to personally identifiable information across the federal government until agencies confirm full compliance with federal privacy and cybersecurity laws, including FISMA, the Privacy Act, and the Federal Records Act.
The report also calls for increased transparency and oversight of DOGE operations, urging the administration to disclose DOGE’s data access privileges and subject them to congressional review. It recommends that inspectors general audit sensitive data systems to ensure DOGE staff followed proper procedures and complied with laws.
President Donald Trump created DOGE on his first day in office to reduce the federal workforce and spending and modernize government technology. Since then, the unit has faced criticism for collecting sensitive data without clear safeguards.
Besides data and security issues, the report also highlights significant concerns about DOGE’s influence and lack of transparency within federal agencies.
In multiple cases, agencies with Senate-confirmed leadership were unable to say who was actually making key decisions, with staff reporting that DOGE teams operate with an unclear level of authority and little to no oversight. Initiatives such as workforce reductions, reorganizations, and property disposals appeared to be driven by DOGE operatives rather than public-facing agency leaders.
The investigation also highlights the secrecy surrounding DOGE’s operations, which has hindered congressional oversight and raised serious privacy and accountability concerns. At SSA, GSA, and OPM, staff requests to meet with DOGE employees or obtain basic information about their roles were denied. Agency officials often refused to acknowledge the existence of DOGE teams, and some DOGE workspaces were heavily guarded, with blacked-out windows and restricted access.
Staff also observed that DOGE personnel operated under different rules than regular employees – working remotely without restriction, bypassing in-office requirements, and reportedly accessing sensitive data across agencies without proper training.
The report recommends halting all DOGE operations at SSA, GSA, and OPM until agencies can confirm that DOGE personnel are under proper oversight and follow the established chain of command. Agency leaders must have full control over DOGE activities, including data-sharing and cloud use, and ensure no external actors are directing their work.
It also calls for DOGE staff to follow the same policies, training, and access restrictions as other federal employees, with no special privileges regarding data access, telework, or security.