1. United States
2. Fla.
3. Letter

I am writing to express my deep concern regarding recent cybersecurity incidents involving the social media platform X and DOGE, particularly the potential interconnections between these events. On March 10, 2025, X experienced a significant cyberattack, which owner Elon Musk described as “a massive cyberattack” potentially orchestrated by “a large, coordinated group and/or a country.” The hacker group known as the Dark Storm Team has publicly claimed responsibility for this attack. Recent developments have raised alarms about DOGE’s internal security protocols: • Unauthorized Permissions: In an affidavit, Joseph Gioeli III, Deputy Commissioner of Transformation and Modernization at the Treasury Department’s Bureau of the Fiscal Service, revealed that Marco Elez was mistakenly granted “read/write permissions instead of read-only,” leading to unauthorized access to sensitive data. • Public Exposure of Sensitive Tools: During late February, DOGE staffer Jordan Wick, associated with the Executive Office of the President and embedded in the GSA, posted code on his public GitHub page. These tools included one designed to automatically download direct messages from Twitter accounts and another aimed at collecting sensitive data from government agency organizational charts. Such tools could potentially be used to gather data for AI models, raising concerns about privacy and misuse of information. Wick has since set his GitHub account to private. The convergence of these events is troubling: • Data Security Risks: The unauthorized access to sensitive government data by DOGE, combined with the cyberattack on X, raises concerns about potential vulnerabilities and the safeguarding of critical information. With that in mind, please let me know the following; 1. Investigation Status: Has a formal investigation been launched into the cyberattack on X and the Dark Storm Team’s claim of responsibility to insure no government was involved? 2. Impact on Government Accounts: Given Musk’s statement about the cyberattack’s scale and sophistication, is there evidence to suggest that DOGE’s official X accounts or any associated government accounts were compromised during this incident? 3. Internal Security Measures: What steps are being taken to address the internal security lapses within DOGE, such as the unauthorized access to sensitive government data and the public exposure of potentially sensitive tools by staff members? 4. Data Protection Protocols: How is DOGE ensuring the protection of sensitive government data, especially in light of these recent security concerns? 5. Security of Wick’s Activities: Has an investigation been initiated to assess whether Jordan Wick’s uploading of potentially sensitive tools to his public GitHub account compromised any government data, especially considering the possibility that he may have used the same computer for both official and personal activities?