OPM watchdog to investigate IT risks tied to DOGE’s agency access

The Office of Personnel Management’s internal watchdog will investigate potential cybersecurity and privacy risks tied to the Department of Government Efficiency’s recent inroads into various agency IT systems, according to a letter made public Monday.

OPM, known colloquially as the government’s “human resources department” that manages troves of personal data on millions of federal employees, has become a flashpoint in just the first two months of Donald Trump’s second presidency. DOGE, which has vowed to shed purported government spending waste, has used OPM as a transmission center to communicate directives and guidance to much of the government’s workforce.

Chief among those uses is OPM’s deployment of a deferred resignation offer to a majority of the federal workforce, which used a dubious emailing system that many say skirted privacy and security norms. Feds have also been asked via that OPM email system to regularly update their managers and DOGE about what business they’ve taken care of each week in bulleted updates. Under similar DOD directives, Pentagon civilians are among those required to respond.

Nextgov/FCW previously reported those OPM emails may have run afoul of the privacy policy for the system used to distribute them because responses were not initially framed as “explicitly voluntary.”

In the letter dated March 7, OPM Deputy Inspector General Norbert Vint said the agency’s watchdog “initiated a new engagement on specific emerging risks at OPM” that were raised in a Feb. 6 letter from Democrats on the House Oversight Committee. 

That letter detailed reporting on various privacy and security norms DOGE staffers may have violated as the cost-cutting entity swiftly made its way into computer networks that house systems like the government’s core payment networks and other sensitive or classified information. 

Vint also told the letter’s signatories that the inspector general’s office “has reviewed your request and incorporated parts of your request into existing work.” One of those concerns centered on what legal authorities were available to allow DOGE workers to access sensitive government systems.

“Several of the concerns you expressed in your letter touch on issues that the OPM OIG evaluates as part of our annual reviews of OPM’s IT and financial systems, and we plan to incorporate those concerns into these existing projects. We have also just begun an engagement to assess risks associated with new and modified information systems at OPM,” Vint wrote.

The ability to access OPM data would be a dream for hackers and scammers because it contains sensitive personal and financial information on millions of federal employees, including Social Security numbers, background checks, security clearance details and other data that could be exploited for identity theft, financial fraud, espionage or blackmail.

It’s not clear how far the investigation will go or how long it will take. Just days into his second term, Trump fired at least a dozen inspectors general at various agencies. OPM and several other agencies have not had a lead inspector general for around 42 days, according to government data viewed at the time of publication.

“Inspectors general must have the independence to carry out their mission free from partisan pressure and threat.That is the only way these government watchdogs can conduct their important work on behalf of the American people,” Rep. Gerry Connolly of Virginia, the lead Democrat on the House Oversight panel, said in a statement. “The work of the Deputy Inspector General and the OPM Office of Inspector General must be allowed to proceed unimpeded.”