Judge denies OPM’s motion to dismiss DOGE ‘data disclosure’ case
A federal judge on Thursday denied a motion from the Office of Personnel Management to dismiss a lawsuit that alleges it violated federal laws by giving Elon Musk and Department of Government Efficiency members access to its systems and the information of tens of millions of Americans.
OPM in early March filed its motion to dismiss the case for a variety of reasons, but it ultimately failed to convince Judge Denise Cote of the U.S. District Court for the Southern District of New York to rule in its favor in three of the plaintiffs’ five claims.
Led by the American Federation of Government Employees and AFL-CIO, the plaintiffs argued in their initial complaint filed Feb. 11 that OPM gave “unvetted and untrained” DOGE agents access to a wide gamut of federal human resources systems that the agency houses and the underlying data of current and former federal employees contained in them.
Plaintiffs fear, the complaint says, that entrusting that data to the DOGE team led to “an increased vulnerability of their personal data to cyberattacks, hacking, and identity theft,” which “could be detrimental to their health, safety, and financial security” or make them the possible targets of “retaliatory firing by the Trump administration.” It also points to the relevant OPM data breach of 2015 that affected more than 22 million Americans who had worked with the federal government and the resulting identity theft and fraud as the perceived harm that could be done with such a large exposure of current and former employees’ data.
Ultimately, plaintiffs hope the court will keep DOGE staff from accessing OPM systems and data unless done so in accordance with the Privacy and Administrative Procedure acts, and force them to destroy any data taken from those systems.
For two of the plaintiffs’ initial claims that specifically involved portions of the Privacy Act, Cote did in fact rule in favor of dismissal, “except insofar as they are a predicate to the complaint’s other claims.” However, the judge denied the request to sack the other three claims — two dealing with the Administrative Procedure Act violations by OPM and one claiming “Ultra Vires” actions by the DOGE team.
“The complaint alleges a massive disclosure of the OPM records of tens of millions of Americans to unvetted and untrained individuals who had no legal right to access those records, in wholesale disregard of the Privacy Act,” the ruling reads. “It pleads that this intrusion was directed and controlled by the DOGE Defendants, including individuals in [the U.S. Doge Service] or associated with USDS. The DOGE Defendants have no statutory authority with respect to OPM records, such that these alleged actions were ‘blatantly lawless.’”
“The complaint adequately pleads that the DOGE Defendants ‘plainly and openly crosses a congressionally drawn line in the sand,'” it concludes.
Meanwhile, several other federal agencies have been at the center of litigation for similarly granting DOGE access to critical federal systems and data. One court in March issued a temporary restraining order blocking the group from further access to any Social Security Administration systems that contain personally identifiable information.
This also isn’t the only case that has called to bar DOGE from accessing personally identifiable information at OPM. A federal judge last month issued a preliminary injunction preventing Musk’s operation from accessing data at the federal personnel agency, as well as the departments of Treasury and Education.
There’s also an ongoing lawsuit in which pseudonymous federal employees have sued the agency for setting up a DOGE-linked system to blast mass emails to all federal employees without conducting necessary privacy assessments before doing so.
