Updates

EPIC Condemns Unprecedented Breaches of Personal Data at Federal Agencies 

February 4, 2025

Days ago, the Department of Government Efficiency (DOGE)—an organization led by Elon Musk that advises President Trump—directed the Treasury Department and Office of Personnel Management to disclose their vast stores of personal information to unauthorized individuals. This included “full access” to the government’s critical payment systems, which contains sensitive personal information of millions of Americans and disburses trillions of dollars every year.  

EPIC is responding to the risks that that breach poses, including providing our insights in the articles below. 

Alan Butler, EPIC Executive Director and President told Politico and Vanity Fair

“The scale here is unprecedented in terms of the risk to sensitive personal and financial information,” said Alan Butler of the Electronic Privacy Information Center. “It’s an absolute nightmare.”

In the same Politico article, Butler continued:

“They’re not following the law, they’re not following any semblance of best practice, they’re just hacking and slashing government IT systems in a way that threatens national security and puts everyone at risk,” Butler said. 

EPIC Director of Litigation John Davisson also told USA Today that: 

“This is an extremely irregular, unprecedented act of seizing critical systems and handing it over to people who, to a certainty, lack the training or have no prior familiarity with systems, are not charged with their safe keeping, and are really just rooting through them, identifying data points and combining data sets, it appears, for their own ends of dismantling the federal government,” Davisson said.

In an interview with The Record covering union groups suit against the U.S. Treasury Department, Davisson stated: 

“Trying to decimate federal expenditures by stopping payments that have been approved by other federal agencies would not be a routine, permissible use.”

And in reference to the access controls and training requirements developed by National Institute of Standards and Technology (NIST) under the Federal Information Security Modernization Act, Davisson continued: 

“If you roll up to a Treasury server and plug in whatever, something you bought at Best Buy, it probably does not meet the media restrictions and protocols that are set out in those NIST standards.”

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.

Donate