Elon Musk’s DOGE is executing a historically dangerous data breach

Federal judge Paul Engelmayer issued an emergency order Saturday that barred the Trump administration from providing access to sensitive and private financial information about hundreds of millions of Americans. The judge also ordered Elon Musk’s Department of Government Efficiency to destroy any data it had already accessed.  

We don’t yet know how much, if any, damage has already been done to American taxpayers and businesses. But perhaps, at a minimum, this judicial order will prevent further harm. The parties were ordered to return to court Friday for a full hearing on a preliminary injunction to prevent this information from being accessed again. In other words, Americans will have their day in court before this information is shared again, and it’s possible the American people will receive the same legal protections that President Donald Trump was afforded when his own financial records were subject to review by law enforcement and elected officials. He strenuously resisted these efforts and received full due process rights in cases that dragged out for years before those officials gained access to such records.

During his first term, Trump was the subject of several investigations with his personal financial records at their center. Both then-Manhattan District Attorney Cyrus Vance Jr. and several committees in Congress issued subpoenas to him and several financial institutions for such records. Trump sued to stop those efforts, taking the cases to the U.S. Supreme Court. After several years of litigation, the courts concluded that the subpoenas were lawful and legitimate and that Trump and his business associates had to comply with them. Congressional committees ultimately released redacted versions of some of Trump’s financial filings, making sure to protect sensitive data like his social security number or bank account information. 

In other words, Trump had many days in court before his right to privacy was infringed, and such infringement occurred only to the extent permitted by law, under close review by the courts.

Contrast that with what’s happening now, when unvetted individuals working for a “department” that doesn’t officially exist have gained access to the private financial information of hundreds of millions of American taxpayers and businesses. Veterans, retirees, taxpayers, you name it, had such rights swept away by DOGE mercenaries in an instant, with no court review, with no justification, without any consideration for due process rights. And we don’t know the full extent of the release of this information, who has access to it, what their designs on it are and whether they intend to sell it to other companies or even foreign countries, even when it appears some of this information may have been fed into a computer program, driven by artificial intelligence, to help DOGE identify potential cuts.

Every American individual and business should be concerned by this breach, which was carried out by private actors operating under the direction of the world’s wealthiest man, who just happens to have designs on creating a payments platform within a social media platform he owns. Just as concerning, given Musk’s billions of dollars in government contracts, such information could be used to gain an advantage over business competitors, to stop payments going to political rivals of the president or just to make people’s lives miserable. 

Even if no one on the DOGE team has already exploited this extracted information in any way, there is a harm to Americans knowing that someone, somewhere, most likely operating outside the law knows their private financial information — like Social Security numbers and private banking information like routing and account numbers — and maybe a lot more. We also do not know if they have the ability to halt payments to individuals and businesses who rely on government support for things like their federal pensions, Social Security payments and disability assistance, as well as the contracts to provide important services to the government and the American people. 

What we do know, however, is that many of those making the decisions will be unqualified teenagers and early twentysomethings deployed by Musk to oversee spending affecting every American.

And all of this seems to be taking place in an environment where a select number of individuals and favored entities can not only extract this information but also exploit it. This should worry every individual American taxpayer, who might wake up one day to find bank accounts frozen or drained or the lifeline of retirement or veterans’ benefits halted, perhaps just because of a computer glitch caused by individuals with little experience with government processes or systems. 

By allowing this staggering and unprecedented breach of financial privacy, the Trump administration has already set itself on a course where individuals and businesses aren’t free to organize their lives under principles of fair competition and equality; instead, there is a grave risk that these extractive practices will harm not just economic rights, but political rights, as well.

The right to privacy Americans have come to expect started in English common law, through the British case of Wilkes v. Wood in the mid-18th century. There, the courts in England found that it was illegal for royal functionaries to raid the offices and homes of members of Parliament who, it was feared, might oppose the policies of the crown. The colonists were well aware of the outcome of this case, and it helped to inform the arguments that would emerge against the Stamp Act and served as inspiration for the Declaration of Independence and would ultimately find its way into the Fourth Amendment to the Constitution protecting against unlawful searches and seizures, so that Americans would be secure in their “person, houses, papers and effects.”

Today, a relatively strong body of laws has emerged to protect our private information from intrusion, extraction and abuse, even when the government has access to it in the first place. Despite those protections, still untold millions of Americans were denied those same privacy and due process rights President (and then citizen) Trump enjoyed when he challenged — albeit unsuccessfully — the sharing of his own personal financial information pursuant to what were ultimately determined to have been lawful congressional and state law enforcement investigations. Still, during the course of that litigation, the information wasn’t shared with government officials until Trump’s unsuccessful lawsuits worked their way through the courts.  

In the DOGE incursion into the Treasury’s records, no Americans were afforded such rights. But perhaps now they will have their day in court.

All Americans deserve answers about the scope of the release of this information: who had access to it, what their designs on it might be, whether they have exploited it for private gain in any way and whether they have passed it along to other entities, individuals or governments. In mid-January, the Supreme Court ruled that Congress had a legitimate government interest in being concerned about the Chinese company that owns TikTok’s gathering data on American users of that platform. Now, such intrusion into our most sensitive data is happening by individuals purporting to act for the president. 

At least one court appears to have halted this practice, for now, and has sought to put the genie back in the bottle by ordering any copies of such information destroyed. Congress, too, must step in immediately to investigate the scope of the harm and demand answers and do so with the same subpoena power it wielded before in investigating Trump’s own financial dealings. This is necessary to protect the American people and businesses from this seemingly lawless abuse of privacy and due process and to understand the damage already done.