ALEXANDRIA, Va. (CN) — A privacy nonprofit charged the Trump administration and Elon Musk’s Department of Government Efficiency organization on Monday with misuse of critical data systems and endangering the data of millions of Americans.
In the lawsuit filed in the U.S. District Court in the Eastern District of Virginia, the Electronic Privacy Information Center echoes a slew of lawsuits against Trump and DOGE, claiming they — along with the U.S. Department of the Treasury, the U.S. Digital Service, and the Office of Personnel Management — have perpetrated what it calls “the largest and most consequential data breach in U.S. history.”
The D.C.-based nonprofit says DOGE personnel, many of them associates of Musk, have gained access to sensitive information systems across numerous federal agencies like the Office of Personnel Management and the Treasury.
It claims the government, at the direction of DOGE, of abandoning privacy safeguards, “relinquishing control of these systems and, without legal basis, disclosing vast stores of personal information to individuals unauthorized by law to access them.”
Electronic Privacy Information Center, which advocates for privacy, freedom of information and other civil liberty issues, accuses the defendants of violating the Fifth Amendment right to information privacy, the Privacy Act of 1974 and the Administrative Procedures Act.
The nonprofit says that personal data of millions of federal employees stored in the Office of Personnel Management Enterprise Human Resources Integration are now at risk, along with information like social security numbers and tax information in systems like the Treasury’s central payment system, the Bureau of Fiscal Service.
“The [personally identifiable information] contained in both systems can enable identity theft and other financial crimes which have devastating effects on their victims. Plaintiffs’ information is at significantly elevated risk of being stolen and used by cybercriminals for these purposes,” the group says.
Under normal circumstances, these systems are carefully protected by rigorous information security protocols and robust privacy protections, the group says. But now the nonprofits says, individuals connected to DOGE have “connected hard drives and at least one server to these critical systems.”
“These individuals lack training in applicable security safeguards for personal information, do not have relevant Treasury or OPM experience, may not have necessary security clearances, and may not be federal employees,” the nonprofit says.
The Electronic Privacy Information Center seeks an order halting the the unlawful disclosure and computer matching of sensitive personal information. It asks the court to declare unlawful and halt DOGE access to or disclosure of personal or other protected information.
The nonprofit also names Office of Personnel Management Acting Director Charles Ezell and Treasury Secretary Scott Bessent as defendants.
In the lawsuit, the group calls out Bessent for granting DOGE personnel access to the Bureau of Fiscal Service’s payment systems. They also say Ezell and others failed to provide and abide by legally required safeguards. Musk is mentioned in the lawsuit but not named as a defendant.
This recent challenge adds to the administration’s mounting legal caseload spurred since Trump established DOGE in an executive order in the chaotic early days of his newest administration. In a separate case, the Trump administration has asked a federal judge to toss a temporary restraining order halting DOGE from accessing sensitive personal data stored on the Treasury Department’s payment system.
A student advocacy group is also in court attempting to prevent Musk and his government efficiency team from accessing confidential data from over 42 million federal student loan borrowers.