Critical Rights and Rule-of-Law Concern Ongoing potential Judicial finding
📅 Incident January 20, 2025 🔄 Updated March 26, 2026

DOGE Associates Gained Access to $6 Trillion Treasury Payment System

DOGE associates including Tom Krause (Broadcom executive) and Marko Elez (25-year-old with racist posts) accessed Treasury's $6 trillion payment system. Elez was mistakenly given write access to payment records. 19 AGs sued. A federal judge blocked access, calling it 'chaotic and haphazard,' but the 4th Circuit later reversed.

Elon Musk's DOGE associates — including a 25-year-old engineer with racist social media posts and a Broadcom executive — were granted access to the Treasury Department's Bureau of the Fiscal Service payment system, which processes over $6 trillion in annual payments. One associate was mistakenly given 'write' access capable of altering payment records. Multiple court battles ensued, with a federal judge calling the approach 'chaotic and haphazard,' but an appeals court ultimately lifted restrictions.

Executive summary

What this record documents

  • DOGE associates were granted access to the Treasury's Bureau of the Fiscal Service, which processes over $6 trillion in annual payments including tax refunds, Social Security benefits, veterans' benefits, and federal salaries.
  • Tom Krause, former Broadcom CFO and current CEO of Cloud Service Group, was made an unpaid 'senior advisor for technology and modernization' at Treasury. Marko Elez, a 25-year-old engineer, began working as a Treasury employee on January 21.
  • Elez was mistakenly given 'write' access — data-editing privileges — to a sensitive Treasury payments database. The error was discovered and revoked after one day, but it demonstrated the chaotic nature of access controls.
  • Elez resigned on February 6 after the Wall Street Journal discovered racist social media posts he had made before joining DOGE, raising questions about the vetting process for individuals given access to the nation's financial infrastructure.
  • A coalition of 19 state attorneys general, led by New York AG Letitia James, sued the Trump administration alleging DOGE was given unauthorized access to the payment system containing Americans' Social Security numbers and bank account information.

Timeline

Sequence of events

  1. January 20, 2025

    DOGE established; Treasury access begins

    Trump signs an executive order establishing DOGE. Tom Krause, former Broadcom CFO, is installed as an unpaid 'senior advisor for technology and modernization' at the Treasury Department, gaining access to the Bureau of the Fiscal Service payment system.

  2. January 21, 2025

    Marko Elez begins work at Treasury

    Marko Elez, a 25-year-old software engineer, begins working as a Treasury employee with access to payment systems. He is later discovered to have been mistakenly granted 'write' access to a sensitive payments database — the ability to alter payment records in a system handling $6 trillion annually.

  3. January 31, 2025

    Treasury Secretary formally grants DOGE payment system access

    Treasury Secretary Scott Bessent formally grants DOGE associates access to the Bureau of the Fiscal Service payment systems, overriding internal objections from career officials about the security and legal implications of giving outside personnel access to the $6 trillion payment infrastructure.

  4. February 5, 2025

    Treasury agrees to restrict DOGE access to read-only

    Under growing legal pressure, the Treasury Department agrees to restrict DOGE staffers to 'read-only' access to payment systems. The agreement permits Krause and Elez to access records 'as needed' but without write privileges. US District Judge Colleen Kollar-Kotelly signs off on the arrangement.

  5. February 6, 2025

    Elez resigns after racist posts discovered

    Marko Elez resigns from his government position after the Wall Street Journal discovers a series of racist social media posts he made before joining DOGE. He had been given access to one of the most sensitive financial databases in the federal government after just weeks on the job, with inadequate vetting.

  6. February 8, 2025

    Federal judge blocks DOGE access to Treasury systems

    US District Judge Paul Engelmayer issues a preliminary injunction blocking DOGE from accessing Treasury Department payment systems, calling the approach 'chaotic and haphazard.' The ruling comes in a lawsuit filed by 19 state attorneys general led by New York AG Letitia James.

  7. February 11, 2025

    Treasury admits Elez had read-WRITE access

    The Treasury Department admits in court filings that Marko Elez was mistakenly given read-write access to the payment database — not merely read-only access as previously claimed. The write privileges would have allowed altering payment records in the system that disburses trillions annually.

  8. February 12, 2025

    NED funding blocked by DOGE

    DOGE blocks funding to the National Endowment for Democracy (NED), using its access to Treasury payment systems to halt disbursements to the organization that supports democracy promotion programs worldwide.

  9. March 24, 2025

    Court orders Treasury compliance report on DOGE vetting

    Judge Engelmayer orders Treasury to submit a report certifying that DOGE associates have been properly trained to access payment systems and have been vetted and obtained proper security clearances. The deadline reflects ongoing concerns about the adequacy of safeguards.

  10. August 12, 2025

    4th Circuit appeals court lifts restrictions on DOGE access

    A 2-1 panel of the 4th Circuit Court of Appeals vacates the district court injunction blocking DOGE access to Treasury, OPM, and Education Department systems. Judge Julius Richardson, a Trump appointee, writes that the district court 'abused its discretion.' DOGE regains access to IRS systems containing all taxpayer information.

Analysis

Reporting, legal context, and impact

What Happened

Beginning on Inauguration Day 2025, Elon Musk's DOGE placed associates inside the Treasury Department with access to the Bureau of the Fiscal Service — the payment system that processes over $6 trillion in annual federal payments. The system handles tax refunds, Social Security benefits, veterans' benefits, Medicare payments, and federal salaries, and contains the Social Security numbers and bank account information of hundreds of millions of Americans.

The DOGE Associates

Tom Krause, the former Chief Financial Officer and President of Broadcom Software and current CEO of the Cloud Service Group, was installed as an unpaid "senior advisor for technology and modernization" at Treasury. This gave him access to one of the most sensitive financial databases in the federal government through a temporary special government employee arrangement.

Marko Elez, a 25-year-old software engineer, began working as a Treasury employee on January 21, 2025. In a revelation that crystallized the recklessness of the access controls, Elez was discovered to have been mistakenly granted "write" access to a sensitive payments database — meaning he had the ability to alter payment records in a system that disburses trillions of dollars annually. Treasury officials said the write privilege was given by mistake and revoked after one day upon discovery.

Elez resigned on February 6 after the Wall Street Journal discovered racist social media posts he had made before joining DOGE, raising fundamental questions about the vetting process for individuals given access to the nation's financial infrastructure.

The Lawsuits

A coalition of 19 state attorneys general, led by New York AG Letitia James, sued the Trump administration alleging that DOGE was given unauthorized access to the payment system in violation of federal privacy laws. A separate lawsuit was filed by a group of union members and retirees.

On February 8, US District Judge Paul Engelmayer issued a preliminary injunction blocking DOGE access, describing the approach as "chaotic and haphazard" and finding a risk of "irreparable harm" to Americans whose data was exposed.

The Appeals Court Reversal

Despite the district court findings, the 4th Circuit Court of Appeals reversed course in August 2025. In a 2-1 decision, the panel vacated the injunction, with Trump-appointee Judge Julius Richardson writing that the lower court had "abused its discretion." The reversal gave DOGE access not only to Treasury payment systems but also to IRS systems containing comprehensive taxpayer information for virtually every American.

Legal Analysis

Privacy Act and FISMA Violations

The Privacy Act requires that access to personal records be limited to those with a legitimate need and proper authorization. The Federal Information Security Management Act (FISMA) mandates specific cybersecurity protocols for government systems. The chaotic access controls described by the court — including the accidental granting of write access — demonstrate failures under both statutes.

The Write Access Problem

The mistaken granting of write access to Marko Elez represents more than an administrative error. In a system that disburses $6 trillion annually, write access means the ability to alter payment records — to redirect payments, change amounts, or modify beneficiary information. Even if the error lasted only one day, it exposed the system to catastrophic risk and demonstrated that the access control framework was fundamentally inadequate.

Scope of Data Exposure

The Treasury payment system contains an extraordinary concentration of sensitive data: Social Security numbers, bank account and routing numbers, tax liability information, benefit payment histories, and federal salary records. Unauthorized access to this data enables identity theft, financial fraud, and political surveillance at a scale affecting virtually the entire American population.

Why This Is Classified Critical

  • Scale of risk: $6 trillion in annual payments and financial data for hundreds of millions of Americans.
  • Write access: A DOGE associate was mistakenly given the ability to alter payment records in the nation's central payment system.
  • Inadequate vetting: An associate with racist social media posts was given access to critical financial infrastructure without adequate background screening.
  • Judicial findings: A federal judge found the access "chaotic and haphazard" and identified a risk of "irreparable harm."
  • Systemic vulnerability: The accidental nature of the write access error indicates that security controls were fundamentally insufficient for the sensitivity of the systems involved.
  • Appellate reversal: Despite serious judicial findings of harm, the appeals court allowed access to continue, leaving the vulnerability unresolved.

International Law Violations

  1. ICCPR Article 17: Mass unauthorized access to financial records constitutes arbitrary interference with privacy. The chaotic access controls and inadequate vetting compound the violation.
  2. UDHR Article 12: The right to protection of the law against arbitrary privacy interference was undermined by both the initial access and the appellate court's decision to lift protections.

Source documents

Primary records

  1. Attorney General James Stops Elon Musk and DOGE from Accessing Americans' Private Information

    New York Attorney General · Lawsuit announcement

    Coalition of 19 state attorneys general challenging DOGE access to Treasury systems.

    Open document

Linked reporting

Reporting and secondary sources

  1. Federal judge blocks Elon Musk's DOGE access to critical Treasury payment system CNN
  2. Federal judge blocks DOGE from accessing sensitive US Treasury Department material NPR
  3. Attorney General James Stops Elon Musk and DOGE from Accessing Americans' Private Information New York Attorney General
  4. 'DOGE' Access to Treasury Payment Systems Raises Serious Risks CBPP
  5. Trump administration agrees to restrict DOGE access to Treasury Department payment systems NBC News
  6. Court Documents Shed New Light on DOGE Access and Activity at Treasury Department Zero Day
  7. Marko Elez 'Resigned' the Day His Write Access to Payment Systems Was Discovered emptywheel
  8. Judge blocks Elon Musk, DOGE from accessing Treasury payment systems The Hill
  9. Block on DOGE access to Treasury systems extended by federal judge FedScoop
  10. Appeals court lifts block on DOGE access to Treasury, Education, OPM systems FedScoop
  11. DOGE will keep limited access to Treasury payments system with 2 associates having 'read-only' view CNN

Related records

Read this record in context

Updated March 26, 2026 Corruption & Self-Dealing
Serious Rights Violation Ongoing Judicial finding

DOGE Unauthorized Access to Treasury, OPM, and Social Security Databases

DOGE accessed Treasury, OPM, and SSA databases containing millions of Americans' personal data without authorization or completed background checks. Federal judges ordered data disgorged and deleted, finding Privacy Act and APA violations, though the Supreme Court later partially reversed.

  • DOGE staff were granted access to Treasury's central payment system (handling trillions in tax refunds, Social Security benefits, and veterans' benefits), OPM personnel databases, and SSA systems containing Americans' most sensitive personal data.
  • A federal judge found DOGE staffers were given access before background checks were completed or inter-agency detail agreements were finalized, violating the Privacy Act and Administrative Procedure Act.
Sources
12
Documents
2
Updates
0
Updated March 26, 2026 Corruption & Self-Dealing
Serious Rights Violation Ongoing Reported record

DOGE Employees Matched Social Security Data with Voter Rolls to Pursue Voter Fraud Claims

DOGE employees at SSA secretly worked with a political advocacy group to match Social Security data with voter rolls to find 'evidence of voter fraud and to overturn election results.' A signed data-sharing agreement and Hatch Act referrals followed. A whistleblower alleged DOGE copied 300+ million Americans' records into an unsecured virtual database.

  • In March 2025, a political advocacy group — believed to be True the Vote — contacted DOGE employees at SSA with a request to analyze state voter rolls, with the stated aim of finding 'evidence of voter fraud and to overturn election results in certain States.'
  • One DOGE team member signed a 'Voter Data Agreement' with the advocacy group on March 24, 2025, in his capacity as an SSA employee, without authorization from SSA leadership.
Sources
10
Documents
2
Updates
0
Updated March 26, 2026 Corruption & Self-Dealing
Serious Rights Violation Ongoing Reported record

CFPB Dismantlement While Musk Launches Competing XMoney Payment Service

Musk used his government role leading DOGE to dismantle the CFPB, the agency positioned to regulate his XMoney digital payments platform, while gaining access to competitors' confidential financial data — a textbook conflict of interest that multiple ethics bodies have flagged as potentially criminal.

  • DOGE shut down the CFPB on February 8, 2025, ordering all staff to stop work. The CFPB was the primary regulator that would have overseen Musk's planned XMoney payment platform.
  • X (formerly Twitter) announced XMoney, a peer-to-peer digital payments service with Visa debit card integration, which entered beta in March 2026 and is set for public launch in April 2026.
Sources
8
Documents
0
Updates
0