Data Security
Scan this QR code to view this page on Unbreaking.
What is data security?
Data security protects sensitive information held by the government — names, birthdates, Social Security numbers, financial data, tax history, immigration status, medical records, and more — from unauthorized access, theft, corruption, and abuse. This encompasses both physical security (of storage devices, hardware, and facilities) and access to databases, APIs, and other digital systems.
The federal government:
- Regulates the collection, maintenance, use, and distribution of personal information held by federal agencies, including restricting disclosure of that information without consent.
- Protects sensitive health information from being disclosed without a patient’s consent.
- Guarantees the confidentiality of all taxpayer information.
- Protects Americans from fraud, predatory data use, and other abuses of the financial system, through monitoring and enforcement of federal financial laws.
- Establishes the Chief Information Officers Council and special offices, including the Cybersecurity and Infrastructure Security Agency (CISA) and former US Digital Service and 18F, to improve the government’s digital systems using, among other things, data security practices.
What is happening?
Since day one, the Trump administration has recklessly exploited Americans’ sensitive data in efforts to deport immigrants, restrict access to critical benefits and services, and gut the federal workforce. The administration is undermining data security by:
- Gathering and consolidating personal data, which breaks existing rules and norms by obtaining and combining sensitive data from multiple sources in ways that violate multiple laws — this includes feeding federal data into private databases and unvetted artificial intelligence systems.
- Expanding access to data from federal and local systems for unintended uses, including disclosing civilian data to law enforcement authorities and allowing unauthorized people access to highly sensitive systems.
- Weakening protections against misuse of data by removing or undermining existing data security systems, firing federal employees responsible for data protection, and ignoring official information requests about how sensitive data has been accessed or used.
Timeline of events
| Date | What happened? | Metadata |
|---|---|---|
| Nov 12, 2024 | One week after the election Trump announces a new “Department of Government Efficiency” to be led by Elon Musk and Vivek Ramaswamy. | |
| Jan 20, 2025 | A day-one executive order establishes the new Department of Government Efficiency, or DOGE, placing it within the US Digital Service (USDS). The unusual move to establish the department within the existing executive office structure gives the team immediate, insider access to government systems. | |
| Jan 20, 2025 | Vivek Ramaswamy abruptly departs DOGE. | |
| Jan 23, 2025 | Trump signs an executive order removing barriers to the use of artificial intelligence in the federal government. | |
| Jan 27, 2025 | DOGE staffers develop a new Government Wide Email System (GWES) without following required privacy protocols for federal employee data. | |
| Jan 27, 2025 | Staffers at the Office of Personnel Management (OPM) file a lawsuit seeking a temporary restraining order preventing the use of the GWES (Jane Does v. OPM). | $cases: Jane Does v. OPM |
| Jan 28, 2025 | Elon Musk uses GWES to send the “Fork in the Road” email to every federal employee: an offer to resign and receive six months pay, regardless of job duties or status. | |
| Jan 31, 2025 | DOGE locks the staff of OPM out of their computer systems. This move effectively ends all accountability and oversight over DOGE’s actions with sensitive employee data, including Social Security numbers, addresses, and more. | |
| Jan 31, 2025 | After serving three decades at the Treasury, career civil servant David Lebryk abruptly retires when DOGE staffers request unrestricted access to government payment systems. | |
| Jan 31, 2025 | Senator Ron Wyden sends a letter (PDF) to Treasury Secretary Scott Bessent requesting information about “disturbing reports that officials associated with Elon Musk and [DOGE] attempted to gain access to systems that control payments to millions of American citizens, including Social Security, Medicare and tax refunds.” | |
| Feb 5, 2025 | Reports surface that the CIA sent an unclassified email to OPM with a list of all employees hired in the previous two-year period. | |
| Feb 6, 2025 | The Washington Post reports that representatives of DOGE are feeding sensitive Education Department data into AI software, in a purported effort to understand the agency’s spending. | |
| Feb 7, 2025 | The American Civil Liberties Union (ACLU) files Freedom of Information Act (FOIA) requests with more than 40 federal agencies to try to understand 1) the scope of DOGE’s data gathering and 2) “whether DOGE or its representatives have sought or obtained access to databases containing personally identifiable information, financial records, healthcare data, or other sensitive government-held records of Americans.” | |
| Feb 7, 2025 | DOGE staff move to shut down the Consumer Financial Protection Bureau (CFPB). Established after the 2008 subprime mortgage crisis, the CFPB regulates the data held by banks and other financial institutions and protects Americans from fraud. | |
| Feb 9, 2025 | The National Treasury Employees Union (NTEU) sues Russell Vought (PDF), Acting Director of the CFPB, over efforts to dismantle the agency (NTEU v. Vought). | $cases: National Treasury Employees Union v. Vought |
| Feb 10, 2025 | Labor unions led by the American Federation of Teachers sue the administration to block DOGE from accessing data at the Treasury, Department of Education, and OPM, accusing the administration of breaching the Privacy Act of 1974 (AFT v. Bessent). | $cases: American Federation of Teachers v. Bessent |
| Feb 10, 2025 | The nonprofit Electronic Privacy Information Center (EPIC) sues DOGE over “its illegal seizure of personnel records and payment system data — actions which constitute the largest data breach in American history” (EPIC v. OPM). | $cases: Electronic Privacy Information Center v. OPM |
| Feb 11, 2025 | The American Federation of Government Employees and the Association of Administrative Law Judges, represented by the Electronic Frontier Foundation, sue OPM and DOGE for violation of the Privacy Act of 1974, aiming to force DOGE to delete any sensitive data disclosed to them by OPM (AFGE v. OPM). | $cases: American Federation of Government Employees v. OPM |
| Feb 11, 2025 | Representative Haley Stevens introduces the Taxpayer Data Protection Act to safeguard the sensitive information in the nation’s payment system and ensure that anyone accessing the system is vetted and free from conflicts of interest. | |
| Feb 12, 2025 | Larry Ellison — the billionaire founder of Oracle, a global leader in database systems — calls for the government to unify its databases for a massive AI-training effort. | |
| Feb 13, 2025 | Fourteen states sue the federal government (PDF), alleging that Musk’s power as leader of DOGE is unconstitutional and requesting an emergency restraining order to prevent DOGE from accessing systems and data (New Mexico v. Musk). | $cases: New Mexico v. Musk |
| Feb 17, 2025 | The Center for Taxpayer Rights files an emergency federal lawsuit in an attempt to prevent DOGE from illegally accessing taxpayer data from the Internal Revenue Service (IRS) (Center for Taxpayer Rights v. IRS). | $cases: Center for Taxpayer Rights v. IRS |
| Feb 18, 2025 | A federal judge denies the restraining order (PDF) requested by the states, allowing DOGE access at most agencies to continue. | |
| Feb 18, 2025 | The lead engineer of Notify.gov, a product from the Technology Transformation Service at the US General Services Administration, resigns in protest over DOGE’s attempts to access data without the legally required safeguards. | |
| Feb 19, 2025 | Trump signs an executive order directing DOGE and OMB to use state and agency data sources in their efforts to restrict immigrants from receiving public benefits and to make it easier to deport them. | |
| Feb 20, 2025 | Citizens for Responsibility and Ethics in Washington (CREW) sues DOGE (PDF) in an effort to force the agency to comply with unanswered FOIA requests as it seeks to understand DOGE activities at OPM, CFPB, the Treasury Department, and USAID (CREW v. DOGE). | $cases: Citizens for Responsibility and Ethics in Washington v. DOGE |
| Feb 21, 2025 | The Project on Government Oversight (POGO) sues DOGE and the Trump administration over the administration’s claim that DOGE is subject to the Presidential Records Act, not the Federal Records Act, and is therefore exempt from FOIA requests (POGO v. Trump). | $cases: Project on Government Oversight v. Trump |
| Feb 21, 2025 | Three unions led by the American Federation of State, County and Municipal Employees (AFSCME) sue the Social Security Administration (SSA), arguing that DOGE’s access to sensitive SSA data violates the Constitution (AFSCME v. SSA). The unions request that DOGE delete data it has collected and cease additional sharing of data. | $cases: American Federation of State, County and Municipal Employees v. Social Security Administration |
| Feb 22, 2025 | Elon Musk sends another all-government-employee email, telling employees to report their activities directly to OPM. The demand raises concerns that information may be shared in ways that violate the usual privacy and security standards. | |
| Feb 25, 2025 | Twenty-one staffers of the USDS resign in protest, accusing DOGE of “mishandling sensitive data” and “breaking critical systems.” | |
| Feb 26, 2025 | DOGE reportedly gains access to confidential records from the Department of Housing and Urban Development (HUD), including sensitive information about survivors of domestic violence and people who have filed discrimination reports. | |
| Feb 27, 2025 | Senator Elizabeth Warren and Representative Melanie Stansbury send an official letter to Elon Musk “demanding answers after two incidents in security failures of the DOGE.gov website, and reports that DOGE employees shared sensitive government information over insecure communications channels.” | |
| Mar 1, 2025 | The Trump administration shuts down 18F, an internal technology team whose mission was to improve government digital services, including data security practices. In a letter terminating the employees, DOGE staffer Thomas Shedd claims that 18F had been deemed “non-critical.” | |
| Mar 10, 2025 | In CREW v. DOGE, a federal judge grants one part of a preliminary injunction request, finding that DOGE is likely subject to FOIA and ordering it to fulfill CREW’s request for records “on an expedited timetable” (CREW v. DOGE). | $cases: Citizens for Responsibility and Ethics in Washington v. DOGE |
| Mar 11, 2025 | Congressional Democrats create a standardized form (PDF) for citizens to request that DOGE disclose all personal information it has collected on them, in accordance with the Privacy Act. | |
| Mar 12, 2025 | Ranking Member Gerald Connolly of the House Oversight Committee sends investigatory letters to 24 federal agencies about DOGE’s use of unauthorized, third-party AI tools to process people’s sensitive data. | |
| Mar 13, 2025 | The Trump administration fires William Paul, the Acting Chief Counsel of the IRS, and replaces him with an attorney thought to be supportive of DOGE. Paul reportedly raised objections to DOGE’s efforts to share tax information with other agencies. | |
| Mar 20, 2025 | Trump signs an executive order requiring data sharing across government agencies. | |
| Mar 24, 2025 | In the teacher’s union suit, a federal judge issues a preliminary injunction prohibiting DOGE from accessing sensitive data at the Department of Education, OPM, and the Treasury Department (AFT v. Bessent). | $cases: American Federation of Teachers v. Bessent |
| Mar 25, 2025 | Trump signs an executive order mandating that all federal agencies cease direct payments and instead issue electronic payments through the US Treasury, effectively requiring extensive data sharing with the Treasury Department without any privacy safeguards. | |
| Mar 25, 2025 | Trump signs an executive order about election integrity, which includes a section on “enforcing the citizenship requirement for federal elections” and requires the Attorney General to prioritize enforcement using information from Department of Homeland Security databases and state-issued identification records. | |
| Mar 28, 2025 | In NTEU v. Vought, a federal judge issues a preliminary injunction voiding the stop-work order for the Consumer Financial Protection Bureau and ordering that employees be reinstated (NTEU v. Vought). | $cases: National Treasury Employees Union v. Vought |
| Mar 31, 2025 | Democratic Senators Markey, Merkley, and van Hollen introduce the Privacy Act Modernization Act of 2025 to block “recent DOGE and Trump Administration actions by closing loopholes and strengthening the remedies available to Americans who have been harmed by DOGE actions” (PDF). | |
| Mar 31, 2025 | DOGE staffers reportedly gain access to the Federal Personnel and Payroll System containing 276,000 payroll records including sensitive employee information. Two senior IT officials who objected to giving DOGE access on the grounds that it would expose the government to cyberattacks are placed on leave. | |
| Apr 7, 2025 | The Fourth Circuit Court of Appeals grants the government a stay in American Federation of Teachers v. Bessent, allowing DOGE to continue to access data at the IRS and Department of Education (AFT v. Bessent). | $cases: American Federation of Teachers v. Bessent |
| Apr 8, 2025 | DOGE staffers reportedly stage a “hackathon” at the IRS, aiming to create a “mega API” that would connect IRS data to other federal systems. A system such as this one would necessarily interact with significant amounts of sensitive data, including taxpayer names, Social Security numbers, tax returns, and employment data. | |
| Apr 8, 2025 | A DOGE staffer at the Social Security Administration runs a script to intentionally add living immigrants to the SSA’s “death file,” effectively preventing them from working, banking, or using a credit card. | |
| Apr 8, 2025 | Acting IRS Commissioner Melanie Kraus resigns following the approval of plans to share IRS data with the Department of Homeland Security in an effort to target immigrants for deportation. Kraus is the third IRS Commissioner to depart since January. | |
| Apr 10, 2025 | ICE reveals it is paying $30 million to Palantir to build a “near real-time visibility into instances of self-deporation” and also identifies candidates prioritized for removal. | |
| Apr 10, 2025 | WIRED reports DOGE has access to information from the Department of Labor (DOL) regarding migrant farm workers, visa applicants, and formerly incarcerated people who have received workforce assistance. | |
| Apr 14, 2025 | The National Consumers League warns about the dangers of DOGE’s infiltration of the Federal Trade Commission (FTC): “By interfering with the FTC’s ability to protect the public — especially children’s data — from harmful privacy violations, fraud, and anti-competitive practices, DOGE has crossed the line.” | |
| Apr 15, 2025 | A whistleblower from the National Labor Relations Board (NLRB) tells the press that DOGE has extracted large amounts of data from labor complaints. The whistleblower subsequently received a threat taped to the front door of their home — a threat which itself contained sensitive information. | |
| Apr 16, 2025 | Forty-eight Democrats led by Representative Don Beyer send a letter (PDF) to Russell Vought demanding information about how DOGE has used AI technologies. | |
| Apr 17, 2025 | Ranking member of the House Oversight Committee Gerald Connolly sends a letter (PDF) to the acting Inspector General of the Social Security Administration about a whistleblower report that DOGE is leading an effort to compile data from SSA and multiple other federal agencies into a massive master database, in contravention of the Privacy Act. The whistleblower noted that staff had been seen with “backpacks full of laptops” containing sensitive data. | |
| Apr 17, 2025 | A federal judge restricts DOGE access to Social Security data, noting that “rooting out possible fraud, waste, and mismanagement in the SSA is in the public interest. But, that does not mean that the government can flout the law to do so” (AFSCME v. SSA). | $cases: American Federation of State, County and Municipal Employees v. Social Security Administration |
| Apr 18, 2025 | WIRED reports that DOGE is working on a master database intended to track and surveil immigrants, linking information from previously separate databases across US Customs and Immigration Services (USCIS), the IRS, the Social Security Administration, and voting records from Pennsylvania and Florida. A source tells WIRED that “DOGE staffers are not abiding by our nation’s privacy and cybersecurity laws and their actions are more in line with tactics used by adversaries waging an attack on US government systems.” | |
| Apr 21, 2025 | The National Institutes of Health announces a plan to create an autism registry connecting data from such disparate sources as pharmacy medication records, test results from patients treated at the VA and Indian Health Service, private insurance claims, and even from smartwatches and fitness trackers. | |
| Apr 21, 2025 | The ACLU sues the Social Security Administration and the Department of Veterans Affairs in an effort to enforce the Freedom of Information Act (FOIA) filings from February, as they seek to unearth information about DOGE’s access to Americans’ sensitive information (ACLU v. SSA). | $cases: American Civil Liberties Union v. Social Security Administration |
| Apr 23, 2025 | New York State Police give ICE access to the Gang Reporting and Intelligence Program (GRIP), a database of alleged gang members, which US Immigration and Customs Enforcement (ICE) can use to target people for deportation. The database makes use of low quality, speculative criteria such as tattoos and clothing. | |
| Apr 23, 2025 | American Oversight, a nonpartisan, nonprofit watchdog organization, sues DOGE and Trump officials for violating the Federal Records Act. The suit calls out the use of unapproved software like the encrypted-messaging app Signal and Google Docs as an attempt to illegally bypass federal recordkeeping laws (American Oversight v. DOGE). | $cases: American Oversight v. DOGE |
| Apr 24, 2025 | More than 50 House Democrats sign a letter requesting answers from the NLRB about the whistleblower report that surfaced on April 15. | |
| Apr 25, 2025 | The NIH walks back the plans to make an autism registry, days after the proposal was first announced. | |
| Apr 29, 2025 | The comptroller of the Government Accountability Office (GAO) — an agency known as the “Congressional watchdog” — testifies to the Senate that they are auditing the “digital footprint” made by DOGE across various agencies. | |
| May 7, 2025 | The Department of Health and Human Services (HHS) announces a partnership between the National Institutes of Health (NIH) and the Centers for Medicaid & Medicare Services (CMS) to “understand autism through secure access to Medicaid and Medicare data.” How this new partnership differs from the previously announced — and then retracted — creation of an “autism registry” remains unclear. | |
| May 13, 2025 | Acting Director of the CFPB Russell Vought cancels new rules that would have protected Americans’ private data from being sold to data brokers. The rules were intended to prevent marketers from targeting people based on knowledge of their debt, medical history, or their employment in the government or military. | |
| May 15, 2025 | House Oversight Democrats ask a Treasury Department watchdog to investigate DOGE’s data and IT modernization activities at the IRS following reports in April of an internal “hackathon” at the tax agency. | |
| May 16, 2025 | The GAO successfully blocks an effort by DOGE to place DOGE staffers in the GAO, potentially undermining their auditing effort. House Democrats write to DOGE (PDF) in alarm at the attempt, noting that the GAO is “an independent agency within the Legislative Branch.” | |
| May 20, 2025 | Democratic Senators including Mark Warner introduce the Defending Our Government’s Electronic data: Bolstering Responsible Oversight & Safeguards (DOGE BROS) Act to increase penalties for breaking existing privacy laws. | |
| May 22, 2025 | US Citizenship and Immigration Services (USCIS) announces that they have integrated Social Security data with an immigration database for the purpose of identifying election fraud. | |
| May 22, 2025 | Recipients of the Supplemental Nutrition Assistance Program (SNAP) sue the Department of Agriculture (USDA) over the department’s demand for sensitive data about food assistance recipients, arguing it violates privacy laws (Pallek v. Rollins). | $cases: Pallek v. Rollins |
| May 25, 2025 | 404 Media reports that ICE has gained “side-door” access to Flock, an automated license plate–reader database, and is using it for immigration enforcement. | |
| May 28, 2025 | During an oversight visit (PDF), General Services Administration (GSA) staff refuse to give the Senate Homeland Security & Government Affairs Committee (HSGAC) information about a Starlink system operating outside of ordinary network controls at GSA. | |
| May 29, 2025 | WIRED reports that Customs and Border Protection (CBP) has collected DNA samples from over 130,000 children, some as young as four, and uploaded the data to an FBI-run database designed to track sex offenders and violent criminals. | |
| May 30, 2025 | Reports surface about the government’s $113 million deal for Palantir’s Foundry software, which facilitates consolidating data from multiple agencies. Thirteen former Palantir employees protest the arrangement (PDF), telling the New York Times that “Data that is collected for one reason should not be repurposed for other uses. Combining all that data, even with the noblest of intentions, significantly increases the risk of misuse.” | |
| Jun 4, 2025 | Senate Democrats introduce the Protecting Seniors’ Data Act of 2025, asking for a comprehensive audit of DOGE’s interactions with all Social Security Administration systems, in an effort to uncover if DOGE has violated the Privacy Act or the Federal Information Security Management Act. | |
| Jun 5, 2025 | ICE agents in Puerto Rico are reported making use of driver’s license data to target immigrants, despite the transportation agency claiming that they have no collaboration agreements with other agencies. | |
| Jun 6, 2025 | The CDC tells state public health officials that it is shifting disease reporting to the Foundry software system managed by Palantir, raising alarms that sensitive health data could be exposed or misused. | |
| Jun 6, 2025 | The Supreme Court grants a temporary stay of lower court orders restricting DOGE’s access to Social Security Administration (SSA) data and systems, effectively allowing DOGE continued access to sensitive SSA data (AFSCME v. SSA). | $cases: American Federation of State, County and Municipal Employees v. Social Security Administration |
| Jun 9, 2025 | A federal judge orders OPM to cease sharing data from federal employee records with DOGE staffers, citing concerns that the data sharing violates the Privacy Act (AFGE v. OPM). | $cases: American Federation of Government Employees v. OPM |
| Jun 10, 2025 | Reports surface of data sharing between the Centers for Medicare & Medicaid Services (CMS) and immigration authorities, a move that could facilitate arrest and deportation of immigrants. | |
| Jun 11, 2025 | The USDA bypasses privacy safeguards and sets up a new SNAP information database in order to collect personally identifiable information about SNAP recipients, including birthdates, addresses, and Social Security numbers. | |
| Jun 13, 2025 | Governor Gavin Newsom of California takes issue with reports that HHS shared data about Medicaid beneficiaries in California with the Department of Homeland Security in a “legally dubious” maneuver that “will jeopardize the safety, health, and security of those who will undoubtedly be targeted by this abuse, and Americans more broadly.” | |
| Jun 14, 2025 | Governor Bob Ferguson of Washington protests data sharing between HHS and the Department of Homeland Security, which exposed Washington state Medicaid beneficiaries’ data to immigration authorities. | |
| Jun 19, 2025 | A federal judge overturns a Biden-era expansion of privacy rules aimed at protecting medical records related to abortion and gender-affirming care. | |
| Jun 20, 2025 | During an oversight visit (PDF), OPM Chief Information Officer Greg Hogan tells Senate Homeland Security & Government Affairs Committee (HSGAC) staff that OPM has made no changes in response to the June 9 injunction in AFGE v. OPM, which required OPM to stop sharing personal data with DOGE. | |
| Jun 24, 2025 | American Oversight sues the Trump administration seeking release of all records related to DOGE’s data access at the Treasury Department and Social Security Administration (American Oversight v. US Department of Treasury). | $cases: American Oversight v. US Department of Treasury |
| Jun 25, 2025 | Flock — the automated license plate–reader database being used by ICE to target immigrants for deportation — reportedly restricts access to nationwide searches in some states in order to comply with state laws that prevent data sharing for immigration purposes. | |
| Jun 26, 2025 | ICE rolls out a new “facial recognition” mobile phone app that can purportedly identify people using only a smartphone camera. The software is based on an existing app used by Customs and Border Protection agents to scan people entering the country. | |
| Jun 29, 2025 | DOGE begins work on a national citizenship database, integrating data from immigration agencies and the Social Security Administration. | |
| Jun 30, 2025 | The National Personnel Records Center releases a largely unredacted version of Democratic Representative Mikie Sherrill’s military record, including her Social Security number, to an ally of her GOP opponent in the New Jersey governor’s race, in violation of standard operating procedures. | |
| Jul 1, 2025 | California leads 19 other states in suing the Trump administration for sharing Medicaid data with immigration officials. The suit alleges that such data sharing violates the Health Insurance Portability and Accountability Act (HIPAA) (California v. HHS). | $cases: California v. HHS |
| Jul 1, 2025 | Customs and Border Protection reveals that it’s looking for tech companies to provide tools to access data from phones, laptops, and other devices seized at the border. | |
| Jul 8, 2025 | QueerDoc and Children’s Hospital of Philadelphia separately ask courts to cancel subpoenas from the DOJ for extensive patient, employee, and billing data related to gender-affirming care (QueerDoc v. DOJ, In Re: Subpoena No. 25-1431-014). | $cases: QueerDoc v. DOJ; Challenge to DOJ Subpoena of Children’s Hospital of Philadelphia |
| Jul 9, 2025 | Reports surface that ICE is using a database of car- and health-insurance claims containing “peoples’ names, addresses, telephone and tax identification numbers, license plates, and other sensitive personal information” to find and target immigrants. | |
| Jul 9, 2025 | The USDA notifies states about a new requirement to disclose information on state SNAP recipients. | |
| Jul 9, 2025 | Peter Hatch, an ICE director of Homeland Security Investigations, testifies that the agency used a private website targeting pro-Palestinian activists to identify student protestors for immigration enforcement efforts. | |
| Jul 10, 2025 | NPR reports that a DOGE staffer at the USDA has gained access to a key payments system that manages billions of dollars in payments and loans to farmers. | |
| Jul 11, 2025 | The State Department breaks apart the Bureau of Cyberspace and Digital Policy, in a move security experts criticized as weakening US defenses. | |
| Jul 14, 2025 | ICE and the Centers for Medicare and Medicaid Services (CMS) sign an information sharing agreement that gives ICE access to information about the 79 million Medicaid enrollees in the US, with the aim of gathering “information concerning the identity and location of aliens in the United States.” | |
| Jul 15, 2025 | Democratic Senators Alex Padilla (CA), Gary Peters (MI), and Jeff Merkley (OR) send a letter to Kristi Noem about the new citizenship data program, expressing concern that it did not go through any of the required disclosure processes, including comment periods and detailing of operations and safeguards. | |
| Jul 15, 2025 | ProPublica obtains the blueprint for a new IRS program that shares unprecedented amounts of taxpayer data with ICE, and which allows “on-demand” access to information for people the department seeks to remove. | |
| Jul 16, 2025 | The National Geospatial-Intelligence Agency (NGA) announces a no-bid contract to Palantir for “the integration of artificial intelligence (AI) into the field of geospatial intelligence” including GPS data and satellite imagery. | |
| Jul 16, 2025 | American Oversight files multiple lawsuits against various federal agencies in an attempt to identify DOGE staffers in light of the “unprecedented authority” they have exercised with regard to “access to sensitive data systems.” | |
| Jul 17, 2025 | Senator Ron Wyden (OR) sends an inquiry to DHS and DOJ seeking information on reports that DNA samples from 130,000 migrants under 18 were added to an FBI database of people suspected or convicted of criminal activity. | |
| Jul 17, 2025 | 404 Media details information from the user manual of Mobile Fortify, ICE’s new facial recognition app, which allows officers to instantly look up DHS, State Department, and state law enforcement databases by just pointing a phone at someone’s face. | |
| Jul 17, 2025 | San Francisco Sheriff Paul Miyamoto refuses a request from Attorney General Pam Bondi to turn over a list of non-citizen inmates from San Francisco country jails, saying that, “If the federal government has a legal reason to arrest someone, they can do so by obtaining a criminal warrant or court order.” | |
| Jul 17, 2025 | A group of Senators led by Martin Heinrich push for a Protect DREAMer Confidentiality Act that would limit data from DACA applicants from being used for immigration enforcement purposes. | |
| Jul 23, 2025 | The President unveils an “A.I. Action Plan” and signs an executive order preventing the federal government from procuring AI tools that “favor…ideological dogmas such as DEI.” | |
| Jul 28, 2025 | A coalition of Attorneys General for 22 states sues the USDA, challenging its plans to require states to disclose personal information about SNAP recipients (California v. USDA). | $cases: California v. USDA |
| Jul 29, 2025 | The Maine Secretary of State holds a press conference telling the DOJ to “go jump in the Gulf of Maine” (video) in response to a request to submit the state’s voter registration list. | |
| Jul 30, 2025 | The Trump administration announces a new health data monitoring system that collects private data from healthcare and tech companies. | |
| Jul 30, 2025 | Health Department officials in New Hampshire and Vermont comply with the USDA deadline to share confidential data about SNAP recipients — including names, addresses, and Social Security numers — with the federal government, despite an ongoing legal challenge filed against the USDA order by 22 other states. | |
| Jul 30, 2025 | Democratic Senators Sheldon Whitehouse (RI), Ron Wyden (OR), and Elizabeth Warren (MA) introduce the Pick Up After Your DOGE Act, which would require the DOGE administrator to account for all data and systems accessed in a Government Accountability Office audit. | |
| Jul 31, 2025 | The NIH appears to be moving ahead (PDF) with yet another version of its autism tracking initiative, this time by reviving a Biden-era data-aggregation program to track Alzheimer’s disease that was shelved after poor audit results. | |
| Aug 1, 2025 | DHS publishes a notice for state election administration grants that eliminates federal funding for cybersecurity collaboration between states, following federal budget cuts for the Multi-State Information Sharing and Analysis Center (MS-ISAC), which coordinates this collaboration. | |
| Aug 7, 2025 | Five associations representing US mayors, cities, counties, sheriffs, and state CIOs write to the leaders of the House and Senate Appropriations Committees (PDF), asking them to continue supporting the security of local government data by restoring funding for MS-ISAC, the cyber security collaboration defunded on August 1. | |
| Aug 8, 2025 | Democratic Representatives Raja Krishnamoorthi (IL) and Robert Garcia (CA) launch an investigation (PDF) into reports that license-plate reader data from Flock surveillance cameras has been shared with police by Home Depot and Lowe’s, large home improvement stores that have been common sites of ICE raids on day laborers. | |
| Aug 8, 2025 | The IRS begins sharing data with the Department of Homeland Security (DHS). This move comes just hours after Trump removes IRS commissioner Billy Long, who had reportedly refused to disclose much of the requested confidential taxpayer information. | |
| Aug 11, 2025 | The Fourth Circuit overturns a preliminary injunction, granting DOGE unfettered access to sensitive data at the Treasury Department, the Education Department, and the Office of Personnel Management (OPM) (AFT v. Bessent). | $cases: American Federation of Teachers v. Bessent |
| Aug 12, 2025 | A federal judge orders the Department of Health and Human Services to pause its program sharing data on Medicaid beneficiaries from 20 states with immigration authorities (California v. HHS). | $cases: California v. HHS |
| Aug 15, 2025 | Attorney General Pam Bondi launches an investigation of Federal Reserve governor Lisa Cook for alleged mortgage fraud, using Cook’s personal data from the Federal Housing Finance Agency (FHSA). The suit follows similar moves against administration opponents Democratic Senator Adam Schiff (CA) and NY Attorney General Letitia James. | |
| Aug 19, 2025 | The Centers for Medicare & Medicaid Services announce a plan to disenroll individuals from Medicaid if their citizenship cannot be verified through existing databases, including the DHS Systematic Alien Verification for Entitlements (SAVE) program. | |
| Aug 22, 2025 | Democratic Senator Ed Markey (MA) sends a letter to Small Business Association (SBA) Administrator Kelly Loeffler demanding information about the unauthorized “DOGE AI Deregulation Decision Tool.” The letter asks whether DOGE is using confidential data to train the system, following reports that DOGE fed SBA regulations into the AI tool and found that 85% of them should be removed or changed. | |
| Aug 25, 2025 | 404 Media reports that CBP has access to 80,000 Flock license plate reader cameras nationwide. Flock acknowledges that it has failed to “ensure local compliance” and announces it is pausing “all ongoing federal pilots” in response. | |
| Aug 26, 2025 | In a whistleblower complaint, Social Security Administration Chief Data Officer Charles Borges reveals that DOGE staffers uploaded the entire Social Security database of over 300 million current names, addresses, and Social Security numbers to a “vulnerable” cloud server — leaving the personal information of nearly all Americans at risk of leaks or hacking. Borges is forced to resign from his position shortly afterward. | |
| Aug 27, 2025 | Former IRS Chief Privacy Officer Kathleen Walters says in an interview that the agency’s deal to share the tax data of 700,000 immigrants with DHS failed to comply with privacy laws. | |
| Sep 4, 2025 | UC Berkeley notifies roughly 160 students, faculty, and staff, including the prominent philosopher Judith Butler, that it shared their names with the Department of Education’s Office of Civil Rights in compliance with an investigation of alleged antisemitism on campus. A Truthout analysis of the December 2024 compliance resolution agreement reveals that University of California campuses in Los Angeles, Santa Barbara, San Diego, Davis, and Santa Cruz are also targets in the investigation. | |
| Sep 4, 2025 | The Department of Justice sues Boston over the city’s TRUST Act, which limits local law enforcement’s ability to share individuals’ personal information and immigration status with ICE, in the midst of a wider debate around an agreement to fund the Boston Regional Intelligence Center (BRIC) — which might facilitate such data-sharing. | |
| Sep 5, 2025 | In a lawsuit challenging the release of taxpayer data to ICE, federal judge Colleen Kollar-Kotelly orders the IRS to give the court 24 hours’ notice before complying with future ICE requests for taxpayer data (Center for Taxpayer Rights v. IRS). | $cases: Center for Taxpayer Rights v. IRS |
| Sep 9, 2025 | The Wall Street Journal reports that Food and Drug Administration (FDA) officials are trying to waive medical data privacy protections as part of an effort to compile information about the “harmful effects” of COVID vaccines on pregnant women. | |
| Sep 9, 2025 | Public Service Alliance (PSA), a company founded in 2024 to serve current and former government employees, launches an online marketplace. The platform provides free and discounted services including online data removal, legal counsel, and threat monitoring. | |
| Sep 11, 2025 | Democratic members of the House Ways and Means Committee launch an inquiry to request information about a whistleblower report that DOGE staffers stored Social Security data on a vulnerable cloud server. | |
| Sep 11, 2025 | Nine Democratic Senators send a letter to ICE Director Todd Lyons (PDF) asking the agency to provide detailed information on its use of the Mobile Fortify face-scanning app and to stop using the facial recognition software that enables “Super Queries” of multiple government databases. | |
| Sep 12, 2025 | The Department of Justice (DOJ) confirms that it is sharing state voter registration data with DHS in an effort to identify noncitizens on voter rolls, despite the fact that noncitizen voting is vanishingly rare. | |
| Sep 15, 2025 | Arizona’s attorney general limits ICE’s access to a database of US-Mexico wire transfers that it had used to target immigrants. | |
| Sep 15, 2025 | The OMB Office of Information and Regulatory Affairs approves a proposed rule expanding CBP’s pilot biometric exit program to all airports, seaports, and border crossing points. The program uses facial recognition technology to check that photos taken by federal agents as international travelers are leaving match the photos in their travel documents. | |
| Sep 16, 2025 | A coalition led by the American Association of University Professors (AAUP) files a lawsuit (PDF) against the Trump administration and federal government to block illegal federal funding cuts and harmful federal policies that infringe on their rights, such as UC Berkeley giving the Department of Education the names of 160 individuals associated with “alleged antisemitic incidents.” (AAUP v. Trump) | $cases: American Association of University Professors v. Trump |
| Sep 16, 2025 | The DOJ files lawsuits against Maine and Oregon in an effort to force the states to provide detailed voter registration data (US v. Bellows, US v. Oregon). | $cases: US v. Bellows; US v. Oregon |
| Sep 16, 2025 | The Electronic Frontier Foundation and the American Civil Liberties Union send a demand letter and records request (PDF) to the San Francisco Police Department, expressing concerns about reports that out-of-state law enforcement, including federal authorities, had access to the city’s automated license plate reader data, likely in violation of California law. | |
| Sep 18, 2025 | A federal district court judge issues a temporary restraining order blocking the USDA from collecting data about SNAP applicants. The order applies to a coalition of states suing the USDA, with the exception of Nevada, which fully complied with the USDA’s data request (California v. USDA). | $cases: California v. USDA |
| Sep 22, 2025 | 404 Media sues ICE to demand the publication of its $2 million contract with Paragon Solutions, a surveillance company that makes spyware capable of accessing mobile messaging apps. | |
| Sep 23, 2025 | Nebraska state officials agree to hold off on sharing voter data with the Department of Justice until a lawsuit brought by Common Cause to block the release of the state’s full voter registration list is settled (Common Cause v. Evnen). | $cases: Common Cause v. Evnen |
| Sep 24, 2025 | The General Service Administration’s Office of Inspector General announces plans to audit whether DOGE’s actions at the agency — including shutting down the technology and data office 18F — were “in compliance with regulations, guidance, and agreements.” | |
| Sep 24, 2025 | 404 Media and Freedom of the Press Foundation sue DHS to enforce a FOIA request for an interagency data agreement that reportedly discloses the personal data of 80 million Medicaid beneficiaries to ICE (FPF v. DHS). | $cases: Freedom of the Press Foundation v. DHS |
| Sep 25, 2025 | Democrats on the Senate Homeland Security & Government Affairs Committee minority staff releases the results of an extensive investigation (PDF) finding DOGE’s activities at the Office of Personnel Management (OPM), the General Service Administration (GSA), and the Social Security Administration (SSA) violate multiple laws and create the possibility of a data breach affecting all Americans. The report recommends that the Inspectors General at these agencies remove DOGE’s access to all sensitive data until they verify legal compliance. | |
| Sep 25, 2025 | The DOJ sues California, Michigan, Minnesota, New York, New Hampshire, and Pennsylvania over their refusal to disclose individual voters’ personal information, including addresses, driver’s license numbers, and partial Social Security numbers (US v. Weber, US v. Benson, US v. Simon, US v. New York, US v. New Hampshire, and US v. Pennsylvania). | $cases: US v. Weber; US v. Benson; US v. Simon; US v. New York; US v. New Hampshire; US v. Pennsylvania |
| Sep 29, 2025 | Nextgov reports that hackers who accessed remote desktop software on servers at the Federal Emergency Management Agency accessed employee data from that agency and from Customs and Border Protection between June 22 and July 16, when staffers began blocking the attack. | |
| Sep 30, 2025 | The League of Women Voters, the Electronic Privacy Information Center (EPIC), and five anonymous individuals represented by Citizens for Responsibility and Ethics in Washington (CREW) file a class action lawsuit (PDF) challenging the legality of USCIS’s expansion of its SAVE citizenship verification program into a new data lake consolidating sensitive information from multiple agencies (League of Women Voters v. DHS). | $cases: League of Women Voters v. DHS |
| Sep 30, 2025 | The Cybersecurity and Infrastructure Security Agency confirms it is withdrawing support from MS-ISAC, the security collaboration program for local and state election agencies that it had threatened to defund in August. | |
| Sep 30, 2025 | A district court judge dismisses a lawsuit brought by Kansas Attorney General Kris Kobach to block Governor Laura Kelly from sharing the state’s SNAP beneficiary information with the USDA. | |
| Oct 1, 2025 | Despite having "grave concerns about federal overreach,” a South Carolina judge refuses to block the state election commission from providing voter information to the Department of Justice while the commission works to establish an agreement on what safeguards will be put in place for the use of the data (Crook v. SC Election Commission). | $cases: Crook v. SC Election Commission |
| Oct 3, 2025 | WIRED reports that ICE is planning to expand social media surveillance, making preparations to staff two 24/7 centers with analysts who will review social media platforms and develop profiles that can be used to assist the agency with arrests. | |
| Oct 3, 2025 | The American Federation of Government Employees (AFGE), the largest government union, sues the Department of Education over the administration’s unauthorized use of agency systems to replace employees’ out-of-office messages with political text blaming Democrats for the government shutdown (AFGE v. DOE). | $cases: American Federation of Government Employees v. Department of Education |
| Oct 9, 2025 | The Department of Labor plans to pilot a platform to collect unemployment insurance claims as it considers creating a national database of such claims, moving the responsibility from individual states and expanding the federal government’s access to highly sensitive personal data. | |
| Oct 10, 2025 | The California Faculty Association (CFA) sues the California State University (CSU) system to block the board of trustees from giving faculty members’ personal information to federal agencies without first providing notice and an opportunity to challenge the release. The lawsuit in the Los Angeles Superior Court was brought after CSU shared data about 2,600 staff from its Los Angeles campus with the Equal Employment Opportunity Commission as part of an investigation of alleged antisemitism (CFA v. Cal State). | $cases: California Faculty Association v. Board of Trustees of Cal State University |
| Oct 10, 2025 | Cybersecurity and Infrastructure Security Agency (CISA) employees within the Department of Homeland Security are among approximately 4,200 federal workers laid off during the ongoing government shutdown. This is in addition to employees being pushed out through mandatory relocation orders, often to roles and divisions outside their areas of expertise. | |
| Oct 14, 2025 | Representative Eric Swalwell (D-CA), Ranking Member of the House Subcommittee on Cybersecurity and Infrastructure Protection, sends a letter (PDF) to the acting director of CISA requesting information about the state of CISA’s workforce, including demanding an end to efforts to cut its size. Swalwell cites concerns about insufficient personnel to ensure the nation’s cybersecurity. | |
| Oct 15, 2025 | Judge Cheney grants a preliminary injunction to keep 22 states from sharing sensitive data about SNAP beneficiaries with the Department of Agriculture, even as 27 states already shared this information for over 15.7 million people, representing 38% of SNAP enrollees (California v. USDA). | $cases: California v. USDA |
| Oct 16, 2025 | Three major labor unions sue the Trump administration over its massive inter-agency effort to continuously surveil the social media activities of more than 55 million visa holders and silence those who express dissent (UAW v. Department of State). | $cases: UAW v. Department of State |
| Oct 27, 2025 | Federal judge Jamal Whitehead cancels the DOJ subpoena for employee, billing, and patient data from telehealth provider QueerDoc, including data about which patients received puberty blockers or hormone therapy (QueerDoc v. DOJ). | $cases: QueerDoc v. DOJ |
| Oct 29, 2025 | IRS documents reveal that ICE requested information about 1.27 million taxpayers, more than 47,000 of whom the IRS deemed matches for people ICE was seeking (Center for Taxpayer Rights v. IRS). | $cases: Center for Taxpayer Rights v. IRS |
| Oct 31, 2025 | DHS formalizes and expands the use of its Systematic Alien Verification for Entitlements (SAVE) tool to purge state voter rolls of suspected noncitizens. SAVE relies on notoriously patchy and unaccountable datasets and was not designed for voter verification; it could bar many US citizens from voting and expose their data to breaches and misuse. | |
| Oct 31, 2025 | Two nonprofit organizations, Campaign Legal Center and American Oversight, sue DHS, the Social Security Administration, and USCIS for information on the transformation of the Systematic Alien Verification for Entitlements (SAVE) tool into a consolidated — but dangerously incomplete — voter verification system (Campaign Legal Center v. SSA, Campaign Legal Center v. USCIS, Campaign Legal Center v. DHS and USCIS). | $cases: Campaign Legal Center v. Social Security Administration; Campaign Legal Center v. Citizenship and Immigration Services; Campaign Legal Center v. DHS and Citizenship and Immigration Services |
| Oct 31, 2025 | 404 Media publishes a Department of Homeland Security document stating that DHS agents will not permit anyone to refuse to have their faces scanned by ICE and CBP agents using Mobile Fortify, a facial recognition app that will store images for 15 years. | |
| Oct 31, 2025 | The CFPB fails an annual cybersecurity audit (PDF) conducted by the Federal Reserve’s Office of Inspector General, receiving a score of 2 out of 5, down from 4 the previous year. The audit says staff departures and reduced contractor support contributed to the agency’s cybersecurity failures. | |
| Nov 3, 2025 | DHS proposes a rule (PDF) that vastly expands the agency’s collection of biometric data, including face and iris scans, voice prints, and DNA. Under the proposed rule, DHS will require biometrics from applicants, as well as any “sponsor, supporter, derivative, [or] dependent” associated with a request. | |
| Nov 3, 2025 | The Trump administration terminates the acting inspector general of the Federal Housing Finance Agency (FHFA) following his participation in an investigation into whether FHFA director Bill Pulte improperly obtained Democratic officials’ mortgage records. This follows the October firings of the chief ethics officer and a dozen members of the ethics and investigations unit at mortgage company Fannie Mae, which is overseen and regulated by the FHFA. | |
| Nov 6, 2025 | Democratic Senators Alex Padilla (CA) and Dick Durbin (IL) send a letter (PDF) to Attorney General Pam Bondi objecting to the DOJ’s attempts to collect voter roll data and seeking answers about how the department is responding to privacy and security concerns. | |
| Nov 7, 2025 | The Congressional Budget Office (CBO) confirms its networks were breached by foreign hackers who accessed a server with security vulnerabilities that were left unpatched after the federal government shut down on October 1, 2025. | |
| Nov 12, 2025 | A group of 40 congressional Democrats urge 19 Democratic governors to block ICE’s access to a law enforcement database of drivers license and registration information, which ICE and DHS have used for almost 900,000 searches in the year prior to October 1, 2025. | |
| Nov 12, 2025 | The Social Security Administration (SSA) publishes an official notice (PDF) that it will share citizenship and immigration information with DHS, corroborating reports that it has been sharing this data. | |
| Nov 17, 2025 | Despite being “troubled” by changes to the Systematic Alien Verification for Entitlements (SAVE) system — a federal immigration database that some states have started using for voter verification — federal judge Sparkle L. Sooknanan declines to block the changes, finding that the plaintiffs have not shown evidence of irreparable harm (League of Women Voters v. DHS). | $cases: League of Women Voters v. DHS |
| Nov 18, 2025 | 404 Media reports that an ICE contractor is launching a pilot program to enlist members of the general public to physically locate immigrants for a payment of $300 per verified address. | |
| Nov 18, 2025 | The Equal Employment Opportunity Commission (EEOC) sues the University of Pennsylvania to enforce a subpoena for the contact information of Jewish employees who participate in campus Jewish life or have filed complaints of discrimination (EEOC v. University of Pennsylvania). | $cases: EEOC v. University of Pennsylvania |
| Nov 18, 2025 | As chief election officials, ten Democratic secretaries of state ask the administration (PDF) to clarify the “misleading and at times contradictory” information it has provided about how it is using and managing the state voter roll data it requested. | |
| Nov 20, 2025 | The Federal Communications Commission (FCC) votes to reduce cybersecurity oversight of telecommunications companies by eliminating rules the Biden administration put in place after 2024’s catastrophic Salt Typhoon hacks of Verizon, AT&T, and Lumen Technologies. | |
| Nov 20, 2025 | The AP reveals that the US Border Patrol is using license plate readers to collect data on driving patterns and sharing that data with local police across the US, resulting in people getting stopped, searched, or detained because their driving patterns are deemed “suspicious.” | |
| Nov 21, 2025 | Federal judge Mark Kearney blocks most of the DOJ’s subpoena for sensitive information about patients who sought gender-affirming care at Children’s Hospital of Philadelphia, finding that the children’s privacy interests outweigh the DOJ’s need for the information (In Re: Subpoena No. 25-1431-014). | $cases: Challenge to DOJ Subpoena of Children’s Hospital of Philadelphia |
| Nov 21, 2025 | Judge Kollar-Kotelly orders the IRS to stop sharing taxpayer addresses with ICE, finding that this aspect of the agencies’ data-sharing arrangement is “likely unlawful” and agreeing with the plaintiffs’ claim that immigrants are at “imminent risk” of their addresses being “impermissibly used by ICE for civil immigration enforcement” (Center for Taxpayer Rights v. IRS). | $cases: Center for Taxpayer Rights v. IRS |
| Nov 21, 2025 | The Centers for Medicare and Medicaid Services (CMS) issues an official notice that it will share Medicaid enrollee data received from states with DHS and ICE “effective immediately.” The notice comes months after news reports that CMS shared Medicaid data with DHS in June 2025 over the legal and ethical objections of some CMS officials. | |
| Nov 24, 2025 | Democratic members of the Senate Banking Committee write to CFPB Acting Director (PDF) Russell Vought about the agency’s failed cybersecurity audit, demanding a list of cybersecurity-related contracts canceled by the administration and saying the CFPB is no longer equipped to “protect the sensitive personal information of American consumers and businesses.” | |
| Nov 25, 2025 | Representative Eric Swalwell (D-CA) files suit (PDF) against Federal Housing Finance Agency (FHFA) Director Bill Pulte, claiming that Pulte illegally obtained and used Swalwell’s mortgage records to retaliate against him for opposing President Trump. Swalwell is one of multiple Trump critics referred to the DOJ for mortgage fraud (Swalwell v. Pulte). | $cases: Swalwell v. Pulte |
Scan this QR code to view this page on Unbreaking.