The Department of Government Efficiency (DOGE) gained access to critical Treasury Department payment systems in early 2025, with one DOGE employee given a government laptop without agreeing to follow data security rules, according to a new watchdog report.

In its April 28 report, the Government Accountability Office (GAO) found that the laptop issue was one of a series of potential IT security risks associated with DOGE’s access to three of Treasury’s Bureau of the Fiscal Service (BFS) payment systems between January and February of 2025. The majority of federal entities process payments through BFS systems.

BFS gave a DOGE employee the laptop “without ensuring that employee agreed to follow security rules or prevent data from being transmitted outside the bureau,” GAO said. A DOGE employee also had access to view, copy, and print data for the three payment systems.

In addition, that employee was inadvertently granted temporary access to create, modify, and delete data for one of the three systems, though GAO found no evidence of any changes to system data.

The report said BFS did not fully implement IT security controls, resulting in the Treasury DOGE team not always following IT security rules. For example, GAO said, a DOGE employee did not encrypt payment information sent to another agency DOGE team or obtain approval to share this information before sending it.

“BFS did not implement all controls needed to ensure compliance with (the) rules,” says the report, which contains a number of recommendations to improve IT security. “Until BFS fully implements controls for overseeing users with broad access to payment systems, this important information will be at greater risk of improper access, modification, disclosure, and misuse.”

President Donald Trump created DOGE on the first day of his new administration to reduce the federal workforce and spending and modernize government technology. Elon Musk initially headed DOGE before stepping away in May 2025, and most of DOGE’s functions were later absorbed by the Office of Personnel Management (OPM).

DOGE was dogged by a series of controversies, including criticism for collecting sensitive data without clear safeguards. Sen. Gary Peters, D-Mich., for example,  contended in a report released in September that DOGE officials risked Americans’ personal data by uploading sensitive information to the cloud without proper safeguards or oversight.

At Treasury, the DOGE team was established in January 2025, with two temporary employees working on projects related to BFS payment systems.

But BFS implemented only five of 14 selected controls for ensuring that the DOGE employees followed the bureau’s IT security rules, the GAO report said. For example, the report said, BFS did not configure security to identify and block unencrypted payment information, which resulted in a DOGE employee “improperly transmitting payment information outside of the bureau.”

GAO made six recommendations to BFS designed to fully implement controls “to ensure staff agree to follow IT security rules and configure security tools to identify and block the transmission of unencrypted payment information,” the report says.

BFS agreed with three of the recommendations but declined to say whether it agreed or disagreed with the other three.

“BFS has undertaken significant efforts to implement cybersecurity controls over its payment systems, and it is continually working to improve its implementation and monitoring of cybersecurity controls,” BFS Commissioner Timothy E. Gribben wrote to GAO in a document contained in the report.

Read More About
Civilian Agencies
Government Accountability Office
Recent
More Topics

Categories

About
Jerry Markon
Jerry Markon is a freelance technology reporter for MeriTalk. Previously, he reported for The Washington Post and The Wall Street Journal.
Tags