April 28, 2026executivepayment systems securitydata protectionfederal paymentsoversight reportsecurity failure
GAO releases report on Treasury security failures with DOGE payment system access
The GAO released report GAO-26-108131 finding Treasury's Bureau of Fiscal Service failed to follow IT security rules when granting a DOGE member access to three federal payment systems processing 1.2 billion domestic payments annually. The unnamed employee—identified as 25-year-old Marko Elez—never completed required security training or signed Treasury's rules-of-behavior agreement. Elez sent an unencrypted file with 350 USAID recipients' personal data to DOGE associates without agency approval. Treasury's data loss prevention tools failed to flag the transfer. (U.S. GAO, Apr. 28, 2026)
Sources
Department of Government Efficiency: Treasury Needs to Fully Implement Data Protection ControlsTreasury missed security controls in giving DOGE system access, GAO findsDOGE Worker Got Treasury Payment Data Without Security ChecksGAO report on DOGE payments access 'just the tip of the iceberg'Treasury missed security controls in giving DOGE system accessDOGE duo ducked security rules during Treasury stint, GAO finds