A leading data privacy group is suing the Trump administration’s new Department of Government Efficiency and other federal agencies over what the group claims is “the largest and most consequential data breach in U.S. history.”
The Electronic Privacy Information Center seeks to stop DOGE’s collection of data from millions of federal workers and members of the American public, including the sensitive personal information of tens of millions of US citizens. In addition to DOGE, the group’s lawsuit targets the US Office of Personnel Management and its acting director Charles Ezell, and the Treasury Department and Secretary of the Treasury Scott Bessent.
The lawsuit, filed Monday with the US District Court for the Eastern District of Virginia, is the latest in a range of complaints filed against Trump’s team over its plans to slash spending by upending the federal bureaucracy. That includes a similar data privacy suit filed Sunday by the American Federation of Teachers and other labor unions that represent more than two million workers.
EPIC alleges that the Treasury and OPM defendants have administered systems containing “vast quantities” of sensitive personal information, including social security numbers, tax information, and dates of birth, without complying with statutorily required security protections under the Federal Information Security Modernization Act, and that they violated the Privacy Act by disclosing that information.
EPIC also targets DOGE, claiming that the agency led by Elon Musk breached secure government systems and caused the unlawful disclosure of the personal data of tens of millions of people by “directing and controlling” the use of OPM’s Enterprise Human Resources Integration system and Treasury’s Bureau of Fiscal Services payment system.
The OPM and Treasury defendants “manifestly failed to provide and abide by legally required safeguards to protect the information within their systems,” EPIC says.
At the same time, DOGE exceeded the scope of its legal authority by accessing and controlling OPM and Treasury systems, plaintiffs say. These actions violated plaintiffs’ constitutional right to privacy of information, EPIC alleges.
Social security numbers are housed across many of Treasury’s BFS funds processing and payment systems, according to the complaint—meaning that “unauthorized disclosures, modifications, or disruptions to access of the systems” could have severe consequences.
The OPM’s EHRI system, the federal government’s source for federal workforce information, also contains highly sensitive information that includes human resource data, training data, and payroll data, the complaint says.
Spokespeople with OPM, the Treasury Department, and DOGE did not immediately respond to questions about the lawsuit.
EPIC seeks to stop the defendants’ “wrongful provision of access and disclosure” of personal information in OPM’s EHRI system and Treasury’s BFS network, and to halt defendants’ use of OPM and Treasury systems for purposes in excess of system of records notices, privacy impact assessments, and FISMA.
EPIC also seeks to prohibit DOGE from collecting or disclosing personal information found in OPM and Treasury systems; statutory and punitive damages to the plaintiff “Doe 1,” a federal agency employee; and reasonable attorneys’ fees.
The plaintiffs are represented by EPIC in-house counsel, Kaplan Law Firm, and Democracy Forward Foundation.
The case is Elec. Priv. Info. Ctr. v. U.S. Off. of Pers. Mgmt., E.D. Va., No. 1:25-cv-00255, complaint 2/10/25.
To contact the reporter on this story:
To contact the editor responsible for this story:
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.