DOGE staffer violated Treasury rules by emailing unencrypted personal data

Details of the security lapse emerged in a court filing on Friday containing testimony by David Ambrose, the chief security and privacy officer at the Treasury’s Bureau of Fiscal Services, the division of the Treasury that disburses some trillions of dollars in federal funds to American households every year. A coalition of U.S. attorneys general brought the lawsuit in an effort to block the Trump administration’s team of DOGE cost-cutters from accessing highly sensitive personal and financial data on millions of Americans held by the Treasury unit where Elez was posted. 

Per the court filing on Friday, Ambrose said the Treasury conducted a forensic analysis of Elez’s department-issued laptop following his resignation, which included a review of his Treasury email account revealing the security lapse.

The filing did not say exactly what data was shared, but described the personal information as including a name (such as a person or entity), the type of transaction, and an amount of money. 

Ambrose said Elez acted “contrary to [the department’s] policies” because the data was not encrypted nor was the email approved before it was sent.

Bloomberg was the first to report the court filing on Friday.

Elez was rehired on February 18. He now works at the Social Security Administration, a person familiar with personnel matters told TechCrunch.

In response to the filing, the coalition of U.S. attorneys general that brought the suit said on Friday that Ambrose’s declarations “do nothing to allay any of the concerns” that the states brought “about the rushed and chaotic nature of the Treasury DOGE Team onboarding process.” 

In a separate case, a federal court is also considering blocking DOGE from accessing systems at the Social Security Administration that hold sensitive information on Americans.