Two House Democrats told federal court in January 2026 that DOGE’s handling of Social Security Administration data “could very well be the largest data breach in our nation’s history.” The federal privacy lawsuit accuses DOGE of illegally accessing SSA records belonging to most living Americans.
Court filings show the SSA itself can’t confirm what data was stored on an unsecured third-party server where DOGE allegedly uploaded a live copy of its database. Court records show DOGE signed an agreement with an outside political advocacy group, nominally to find voter fraud, granting that group access to the records.
In March, Iranian hacking group Handala wiped tens of thousands of Stryker devices by hijacking the company’s own Microsoft Intune administrator account. The U.S. government attributed the attack to an arm of Iranian intelligence. The breach hit Stryker’s Q1 earnings.
Then in April, the FBI declared a “major cyber incident,” triggering mandatory congressional notification, after Chinese hackers breached its surveillance network and exposed the phone numbers of active federal wiretap targets.
Government actors, an Iranian intelligence arm, and Chinese state hackers all found different angles into U.S. data infrastructure in a single quarter. DOGE dismantled internal access controls. Iran weaponized a company’s own device-management tools. China read who the FBI was watching. The threat isn’t just from foreign adversaries.
DOGE litigation is pending before federal court. The Justice Department’s formal Stryker attribution starts the clock on potential sanctions against Iranian operators.
— James Okafor