TL;DR: One year ago this week, 19 state attorneys general sued the Trump administration after DOGE employees accessed Treasury payment systems containing Social Security numbers and bank accounts for millions of Americans. A federal judge blocked the access. Then appeals courts reversed the block. Then the Supreme Court ruled 6-3 that DOGE could access Social Security data. And in January 2026, the SSA admitted DOGE had been transferring sensitive data to unauthorized servers (including Cloudflare) while court orders were still in effect. The states sued. The courts fought. DOGE got the data anyway.

February 2025: "Chaotic and Haphazard"

It started on February 7, 2025. Nineteen attorneys general, led by New York, filed suit in the Southern District of New York after DOGE employees Marko Elez and Thomas H. Krause Jr. gained access to the Treasury Department's Bureau of Fiscal Service. That's the system that processes every Social Security check, tax refund, military paycheck, and Medicare reimbursement. Trillions of dollars. Millions of Americans' personal data [1].

The records inside: names, Social Security numbers, dates of birth, home addresses, phone numbers, email addresses, and bank account information.

The morning after the suit was filed, U.S. District Judge Paul A. Engelmayer issued a temporary restraining order. Judge Jeannette Vargas later extended it, calling DOGE's approach "chaotic and haphazard" and flagging inadequate vetting, missing security protocols, and zero documentation for how DOGE would handle the data [2].

"This level of access for unauthorized individuals is unlawful, unprecedented, and unacceptable," said New York AG Letitia James [1].

Connecticut AG William Tong called it "the largest data breach in U.S. history" [3].

For about two months, it looked like the courts would hold the line.

The Courts Reversed Course

In April 2025, DOGE staffer Ryan Wunderly became the first to get approved access after completing training and filing a financial disclosure. Then, on May 28, Judge Vargas lifted the TRO entirely. She found that four more DOGE staffers (Thomas Krause, Linda Whitridge, Samuel Corcos, and Todd Newnam) had completed training, security clearances, and financial disclosures. The door that courts had slammed shut was reopened, with conditions [4].

Then, on June 6, the Supreme Court weighed in. In a 6-3 decision, the justices ruled DOGE could access Social Security Administration records while the case played out. Justices Kagan, Sotomayor, and Jackson dissented. The majority said SSA "may give DOGE access to agency records in order for those members to do their work" [5].

By August 12, a federal appeals court finished the job. The Fourth Circuit, in a 2-1 ruling, vacated a district court injunction that had blocked DOGE from accessing data at Treasury, the Office of Personnel Management, and the Department of Education. Judge Julius Richardson wrote that the lower court "abused its discretion." Judge Robert King dissented, accusing the majority of inventing a "heightened standard" to shut plaintiffs out [6].

In 12 months, DOGE went from being blocked by federal judges to being greenlit by the Supreme Court. Every legal wall the states built, the higher courts knocked down.

What DOGE Did With the Access

On January 16, 2026, the Department of Justice filed a "notice of corrections" in the SSA case. The filing amended earlier claims about the scope of DOGE's access. It turned out DOGE employees had access to far more systems than the administration originally told the court [7].

The corrected record showed DOGE accessed:

  • Employee records
  • Facility access systems
  • Fraud and analytics shared workspaces
  • Data visualization tools connected to other data sources "which could provide access to PII"
  • Enterprise data warehouse schemas

Worse: DOGE employees sent an encrypted, password-protected file believed to contain SSA data (names and addresses of approximately 1,000 people) to the Department of Homeland Security and a DOGE advisor at the Department of Labor [7].

They also used Cloudflare servers to share data among themselves. The SSA couldn't determine what data was shared or whether copies still exist on those servers [7].

All of this happened while a court order from Judge Ellen Hollander limited DOGE's access. DOGE "retained certain SSA system access" anyway [7].

The Voter Data Agreement

It gets worse. Two DOGE employees were approached by a political advocacy group seeking to match SSA voter data against state voter rolls, the goal being to identify alleged fraud and "overturn election results in certain states" [7].

One employee signed an unapproved "voter data agreement" with the group. That triggered Hatch Act referrals to the Office of Special Counsel [7].

This is what the 19 states were afraid of when they filed suit a year ago: political operatives using federal data systems for partisan purposes. The courts said that fear was speculative. Then it happened.

The Bigger Picture

Treasury is just one agency. As of February 2026, DOGE has access to data at the Treasury Department, Social Security Administration, Office of Personnel Management, and Departments of Education, Commerce, Energy, Labor, Health and Human Services, Transportation, and Agriculture [8].

At the USDA, DOGE can view and modify data in the payment system, giving them access to sensitive personal information and the power to cancel loans [8].

At Treasury, at least one DOGE employee was temporarily granted read-write access, meaning the ability to modify payment data, not just view it. Treasury called it a "mistake" [4].

Brookings published an analysis in June 2025 comparing DOGE's cross-agency data project to the Total Information Awareness program that Congress killed in 2003 after the post-9/11 surveillance backlash. The Privacy Act of 1974 was written specifically to prevent this kind of centralized government database. DOGE is building it anyway [9].

When DOGE implemented anti-fraud checks at the SSA, only 2 out of 110,000 claims were flagged as "high probability" fraud. Processing slowed by 25% [9].

The Scorecard, One Year Later

Here's where everything stands:

  • February 2025: 19 states sue. TRO blocks DOGE access to Treasury.
  • April–May 2025: Judge approves DOGE staff one by one. TRO fully lifted May 28.
  • June 2025: Supreme Court rules 6-3 that DOGE can access SSA data.
  • August 2025: Appeals court lifts block on Treasury, OPM, and Education access.
  • January 2026: SSA admits DOGE transferred data to unauthorized servers while court orders were active.
  • February 2026: DOGE has access to 10+ federal agencies. At least 12 lawsuits are pending.

The states won the first round. They lost every round after that. And the data DOGE accessed during the "chaotic and haphazard" early days? Nobody can confirm it's been fully purged.

What You Can Do

Freeze Your Credit

With SSNs and bank data exposed across multiple agencies, freeze your credit at Equifax, Experian, and TransUnion. Free, takes 10 minutes.

Get an IRS Identity Protection PIN

Prevents anyone from filing a tax return with your SSN. Sign up at irs.gov.

Monitor Federal Benefits

If you receive Social Security, veterans benefits, or federal salary, check your accounts for unauthorized changes. DOGE staff had access to the systems that process your payments.

Support the Legal Fight

Organizations like AFSCME, ACLU, and EPIC are funding the 12+ federal lawsuits challenging DOGE's data access. Your state AG may also be involved.

What Happens Next

DOGE's authorization as a "temporary organization" is set to expire on July 4, 2026. But as The American Prospect reported, OMB Director Russell Vought is already embedding DOGE's functions into permanent government infrastructure [10].

The 12+ lawsuits are still working through the courts. The SSA's January 2026 admission that DOGE violated data access restrictions could reopen questions about compliance. But with the Supreme Court and appeals courts siding with the administration, the legal path for challengers keeps narrowing.

A year ago, 19 states said "enough." The courts agreed, briefly. Then the higher courts said DOGE could have it all. The question now isn't whether DOGE accessed your data. It's what they did with it, where it went, and whether anyone will ever be held accountable.

References

  1. CBS News - Federal judge blocks DOGE from accessing Treasury Department records after 19 states sue Trump administration (February 8, 2025)
  2. Courthouse News - Federal judge extends order barring unauthorized DOGE access to Treasury payment system (February 2025)
  3. CBS New York - At DOGE lawsuit hearing, state attorneys general allege largest data breach in U.S. history (February 2025)
  4. ABC News - Judge allows DOGE to access sensitive Treasury payment systems (May 2025)
  5. NPR - Supreme Court grants DOGE access to confidential Social Security records (June 6, 2025)
  6. FedScoop - Appeals court lifts block on DOGE access to Treasury, Education, OPM systems (August 12, 2025)
  7. The Register - SSA admits DOGE had more access than first said (January 21, 2026); NPR - DOJ admits DOGE accessed sensitive personal data (January 23, 2026); DOJ "Notice of Corrections" filed January 16, 2026 in AFSCME v. SSA
  8. Wikipedia - US federal agencies targeted by DOGE (updated 2026)
  9. Brookings - Privacy under siege: DOGE's one big, beautiful database (June 25, 2025)
  10. The American Prospect - DOGE Lives On Through Russell Vought (February 5, 2026)