Federal

DOGE likely violated order on Social Security data, court filing shows

The DOJ revealed usage of a third-party server to share data, as well as DOGE communicating with an advocacy group seeking to “overturn election results” in states.

By Matt Bracken

January 20, 2026

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

A protester holds a sign that reads: "This billionaire stole your social security number" during a protest at a Manhattan Tesla dealership to demonstrate against Tesla CEO Elon Musk. (Photo by Michael Nigro/Pacific Press/LightRocket via Getty Images)

Members of the so-called Department of Government Efficiency embedded in the Social Security Administration potentially exposed personally identifiable information via a third-party server, the Department of Justice said in a court filing that also revealed coordination between DOGE and an advocacy group seeking “evidence of voter fraud.”

A lawsuit filed last February by the AFL-CIO and other labor groups against the SSA sought to cut off DOGE’s access to sensitive data housed in agency systems. In March, the U.S. District Court for the District of Maryland issued a temporary restraining order to limit that access.

But after an SSA records review of the agency’s “former DOGE Team for audit and litigation purposes,” the DOJ said in a filing dated Friday that “communications, use of data, and other actions” were found to be “potentially outside of SSA policy and/or noncompliant” with the court’s order.

One of those instances involved DOGE’s sharing of data via a third-party Cloudflare server — a system that is “not approved for storing SSA data and when used in this manner is outside SSA’s security protocols,” the DOJ wrote.

Prior to its records review, SSA officials “did not know” that DOGE representatives had used Cloudflare in this manner, the filing states, adding that because it is a third-party entity, the agency can’t determine what data was shared or whether it still exists on the server.

Declarations to the court last March from SSA officials said that all DOGE associates had undergone required privacy and ethics training and that the agency “has IT safeguards to ensure no private or commercial servers have been integrated with SSA systems.”

“SSA believed these statements to be accurate at the time they were made, and SSA believes them to be accurate today,” the DOJ wrote, though the Cloudflare data-sharing took place just before the TRO was entered.

The DOJ also disclosed in its filing multiple instances of DOGE associates accessing systems containing PII, including: a system that houses SSA employee records for workforce initiatives, a data visualization tool that could connect with other data sources, and a shared workspace where DOGE members could transmit data for fraud and analytics reviews, among others.

The SSA’s review also unearthed a March 2025 request from a political advocacy group to two DOGE members to analyze state voter rolls. The group’s “stated aim was to find evidence of voter fraud and to overturn election results in certain States,” the filing noted, and one of the DOGE associates signed a “Voter Data Agreement” in his capacity as a Social Security Administration employee, sending the document back to the group on March 24, 2025.

“At this time, there is no evidence that SSA employees outside of the involved members of the DOGE Team were aware of the communications with the advocacy group,” the DOJ wrote. “Nor were they aware of the ‘Voter Data Agreement.’ This agreement was not reviewed or approved through the agency’s data exchange procedures.”

According to the court filing, the SSA discovered the agreement in November of last year and made two Hatch Act referrals to the U.S. Office of Special Counsel the following month. The DOJ did not disclose the name of the advocacy group.