A staffer at the Department of Government Efficiency (DOGE) has been found to have breached Treasury policies by emailing unencrypted personal information to two Trump administration officials, according to testimony from a senior government cybersecurity official in a federal lawsuit.

The staffer, Marko Elez, sent a spreadsheet containing personally identifiable information to the officials prior to his resignation in February, following the surfacing of racist social media posts linked to him online. The security lapse was revealed in a court filing on Friday, which included testimony from David Ambrose, the chief security and privacy officer at the Treasury's Bureau of Fiscal Services.

The Treasury conducted a forensic analysis of Elez's department-issued laptop following his resignation, which revealed the security breach. The analysis included a review of his Treasury email account, showing that the data was not encrypted and the email was not approved before it was sent. Ambrose stated that Elez acted "contrary to [the department's] policies" in doing so.

The court filing did not specify what exact data was shared, but described the personal information as including a name (such as a person or entity), the type of transaction, and an amount of money. The incident has raised concerns about the security of sensitive personal and financial data held by the Treasury unit where Elez was posted.

The lawsuit was brought by a coalition of U.S. attorneys general in an effort to block the Trump administration's team of DOGE cost-cutters from accessing highly sensitive personal and financial data on millions of Americans held by the Treasury unit. In response to the filing, the coalition stated that Ambrose's declarations "do nothing to allay any of the concerns" that the states brought "about the rushed and chaotic nature of the Treasury DOGE Team onboarding process."

Notably, Elez was rehired in March and now works at the Social Security Administration, a person familiar with personnel matters told TechCrunch. This has sparked further concerns, as a federal court is also considering blocking DOGE from accessing systems at the Social Security Administration that hold sensitive information on Americans.

Elez did not return TechCrunch's request for comment on the matter. The incident highlights the importance of data security and the need for strict adherence to policies and protocols when handling sensitive information.

The implications of this breach are far-reaching, and the incident serves as a reminder of the potential risks associated with inadequate data security measures. As the government continues to grapple with the challenges of protecting sensitive information, this incident is likely to spark further scrutiny and calls for reform.

In conclusion, the breach of Treasury policies by Marko Elez is a stark reminder of the importance of data security and the need for accountability in government agencies. As the lawsuit and subsequent investigations unfold, it remains to be seen what measures will be taken to address the concerns raised by this incident.