USAID staff accuses DOGE of jeopardizing safety, accessing security clearance data
A new lawsuit sheds light on the Department of Government Efficiency’s (DOGE) work at USAID, with some employees alleging that DOGE workers had root access to computer systems containing security clearance data, including foreign contacts for an employee who deploys to conflict zones.
DOGE team members also are able to access Social Security numbers, passport information, personal references, financial records, tattoo descriptions and safety pass phrases, but do not have the security clearances needed to handle this “extremely confidential information,” the lawsuit says.
On Friday, a Maryland federal judge told plaintiffs they need to refile the complaint in the next week because it is three pages longer than rules allow.
Elon Musk, who runs DOGE, has used his access to security clearance files to assess USAID workers’ detailed financial records, the lawsuit contends, citing a February 11 press conference during which Musk said some agency staffers have net worths in the tens of millions of dollars.
In early February, DOGE workers received root access to the agency’s systems, which the lawsuit describes as “the highest level of access one can obtain, which allows complete control over a system.”
A plaintiff who works in cybersecurity at USAID researched the identities of the DOGE staff trying to access agency systems, determined they were “hackers” and became alarmed, the lawsuit says. She alerted her supervisors but DOGE already had entered the systems.
Soon after DOGE obtained root access, hundreds of USAID staff could no longer access their email, according to the lawsuit.
DOGE also has transferred data outside of the agency, the lawsuit says.
USAID workers overseas contacted a plaintiff located at headquarters and said they were stranded without access to their government phones and laptops and could no longer get into apps USAID uses to distribute emergency safety and security information, according to the complaint.
In another case, all contacts and safety apps were removed remotely from a phone belonging to a plaintiff located in a “high-risk” part of the Middle East, the lawsuit says.
The safety and security applications are the “mechanism by which federal government staff overseas in dangerous areas indicate that they are in a dangerous situation and access help,” the lawsuit says.
Some USAID workers have been doxxed as a result of the access DOGE has to sensitive personnel data, according to the lawsuit.
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.