Government
,
Industry Specific
,
Standards, Regulations & Compliance
Lawmakers Demand Answers After Musk Aides Gain Access to Key Payment Systems

Reports that a Trump administration task force headed by mercurial multi-billionaire Elon Musk gained access to sensitive government systems have rattled the cybersecurity community amid fears of misuse.
Musk leads the Department of Government Efficiency and quickly installed aides at the Office of Personnel Management, who have since locked career civil servants out of critical computer systems, reported Reuters. The White House unit – it’s not a governmental department, notwithstanding the name – also gained access to sensitive Department of Treasury data, including Social Security and Medicare customer payment systems.
A years-long effort to establish proper controls over federal networks could be undermined by Musk’s team violating system safeguards. It’s “unacceptable behavior, no matter how important the tasking,” said Mark Montgomery, senior director of the Center on Cyber and Technology Innovation.
“Working for Elon Musk does not give you some supernatural shield of cyber invulnerability, so rules need to be followed,” Montgomery told Information Security Media Group.
Sen. Ron Wyden, D-Ore., demanded answers from Treasury Secretary Scott Bessent about DOGE’s involvement in key systems in a Friday letter that said the “mismanagement of these payment systems could threaten the full faith and credit of the United States.”
“To put it bluntly, these payment systems simply cannot fail, and any politically-motivated meddling in them risks severe damage to our country and the economy,” Wyden, ranking member of the Senate Finance committee, wrote. “I am deeply concerned that following the federal grant and loan freeze earlier this week, these officials associated with Musk may have intended to access these payment systems to illegally withhold payments to any number of programs.”
Officials told Reuters that senior career employees were shut out of OPM’s data systems, creating “real cybersecurity and hacking implications” that could threaten to expose sensitive information on millions of government workers, from Social Security numbers and home addresses to pay grades and other personal data. Granting access to unvetted individuals with unknown behaviors and unclear purposes makes it significantly harder to detect malicious activity, increasing the risk of undetected intrusions, data exfiltration or pre-positioning, said Michael Daniel, president and CEO of the Cyber Threat Alliance.
Daniel told ISMG the possibility for misuse of the reportedly accessed data is “significant, whether for financial gain, political retaliation, intimidation or other nefarious purposes.” Granting widespread access in violation of established rules not only weakens the U.S. government’s ability to hold others accountable but also provides a defense for noncompliance, as government processes are deliberately slower due to the high stakes and potential for harm, he added.
“I know it’s not a sexy answer, but the right way to protect U.S. government data is for the U.S. government to follow known best practices and policies,” Daniel said. “In this case, following best practices means restricting access to personnel data to those who have a job-related need to use the data for specific purposes.”
The Treasury Department, Office of Personnel Management and DOGE did not respond to multiple requests for comment.