DOGE Duo Ducked Security Rules During Treasury Stint, GAO Finds

The Government Accountability Office released a report exposing serious IT security lapses by two Dogecoin‑affiliated staffers who were temporarily assigned to the Treasury Department’s Bureau of the Fiscal Service (BFS) during early 2025. The watchdog examined their access to three BFS payment systems that handle tax refunds, benefits, salaries and foreign aid, finding that the employees could view, copy and print sensitive data, and even shared a list of USID payment recipients without encrypting personally identifiable information. Key findings show that while the Dogecoin representative was inadvertently granted rights to create, modify and delete data, the GAO found no evidence of actual data changes. More troubling were procedural breaches: unencrypted PII disclosures, inadequate encryption, and Treasury’s own failure to fully implement mandated cyber controls on the BFS platforms. The GAO issued six recommendations; Treasury accepted three and left three unanswered. The report also highlighted a broader trend in federal technology adoption. The Office of Management and Budget’s 2025 AI inventory revealed a 70% jump to roughly 3,600 disclosed AI use cases, driven largely by NASA’s dramatic rise to 420 projects—a 2,260% increase from the prior year. Health and Human Services remained the top user, while defense and intelligence agencies were excluded from the count. These revelations underscore heightened cybersecurity risks in government payment infrastructure and the accelerating pace of AI deployment without robust oversight. Agencies must tighten access controls, enforce encryption standards, and respond comprehensively to GAO recommendations to safeguard taxpayer data and maintain public trust as AI becomes more pervasive across federal operations.