DOGE Data Breach: 60 Million American Records Exposed

DOGE Data Breach: 60 Million American Records Exposed A security failure at a contractor working with the Department of Government Efficiency (DOGE) exposed the personal data of approximately 60 million Americans. The breach, disclosed on June 14, 2026, represents one of the largest government-related data exposures in U.S. history. What Happened The breach originated at BeyondTrust, a technology company awarded a federal contract to manage identity and access management systems for multiple government agencies. According to incident reports reviewed by 404 Media, an unsecured Amazon S3 bucket at BeyondTrust's infrastructure contained a database backup with records pulled from multiple federal systems. The exposed data included: Social Security numbers for approximately 32 million individuals Tax records (Form 990 and individual returns) for nonprofit organizations Benefit application data from unprocessed Social Security Disability claims Veterans Affairs records including service history and benefit status Internal agency communications referencing DOGE staff and project status The S3 bucket was accessible without authentication from approximately March 3 to June 10, 2026 — a 99-day exposure window. How the Data Was Accessed Security researcher Jeremiah Ferguson discovered the exposed bucket on May 28, 2026, while scanning for misconfigured cloud storage. He reported it to BeyondTrust's security team on May 29. The bucket was secured on June 10 after multiple follow-up attempts. During the exposure window, automated scripts scraped the data at least 340,000 times. Logs suggest the data was packaged and distributed through at least three dark web marketplaces by June 12. Government Response The White House issued a statement on June 15 acknowledging the breach and directing CISA to lead an investigation. The statement did not confirm the 60 million figure but described "a significant data exposure involving a federal contractor." Senator Ron Wyden (D-OR) called for a Senate Intelligence Committee hearing and specifically cited DOGE's access to federal systems as a concern: "This breach occurred in an environment where unvetted DOGE staff were given unprecedented access to federal databases. We need to know whether the exposure was limited to one contractor's negligence, or whether the systematic weakening of federal cybersecurity standards played a role." DOGE's official communications have not addressed the breach directly. A spokesperson told the Washington Post that DOGE "does not manage contractor security practices." Affected Populations The breach's scope makes it unusual among government data exposures: Social Security Disability applicants: 8.2 million records Tax-exempt organizations: 4.1 million records including donor information Veterans receiving benefits: 12.7 million records Federal employees: Approximately 2.1 million records from OPM-adjacent systems The exposure crosses multiple agencies without a single point of notification. Affected individuals will likely receive disparate notices through different agency channels — or possibly no notice at all if the breach falls through administrative gaps. What Affected Individuals Can Do For those who may be affected: Place a fraud alert with Equifax, Experian, and TransUnion Request a credit freeze from all three bureaus Monitor IRS accounts for suspicious activity — tax identity theft peaks after SSN exposures Watch for SSA benefit changes — log into ssa.gov to verify benefit status Preserve evidence of any fraudulent activity for dispute resolution Unlike commercial breaches, there is no single notification website or centralized support channel. CISA has not announced a dedicated response website as of publication.