GAO finds Treasury skipped security rules granting DOGE access to federal payment systems

The Government Accountability Office releases a report finding that the Treasury Department's Bureau of Fiscal Service failed to follow basic IT security protocols when granting DOGE employees access to three federal payment systems in January and February 2025. The systems manage tax refunds, government salaries, Social Security, and other payments affecting millions of Americans. GAO finds that one DOGE employee — whose details match public reporting on Marko Elez — received access to view, copy, and print data from all three systems without completing required security training or signing the bureau's "rules of behavior" policy. The employee was also temporarily and accidentally granted the ability to modify and delete data in one of the systems. GAO finds no evidence data was changed. GAO also finds that Elez sent an unencrypted file containing personal information on 350 USAID payment recipients to two DOGE associates at the General Services Administration without obtaining agency approval, a probable security incident under Treasury rules. Treasury's data loss prevention tools did not detect or block the transmission. GAO issues multiple recommendations, which Treasury partially accepts. It is one of the first GAO reports released on DOGE''s government-wide data access practices.