DOGE May Have Misused Social Security Data, DOJ Admits | WIREDSkip to main contentMenuSECURITYPOLITICSTHE BIG STORYBUSINESSSCIENCECULTUREREVIEWSMenuAccountAccountNewslettersSecurityPoliticsThe Big StoryBusinessScienceCultureReviewsChevronMoreExpandThe Big InterviewMagazineEventsWIRED InsiderWIRED ConsultingNewslettersPodcastsVideoMerchSearchSearchSign InSign InMaddy Varner Andy Greenberg Andrew CoutsSecurityJan 24, 2026 6:30 AMSecurity News This Week: DOGE May Have Misused Social Security Data, DOJ AdmitsPlus: The FAA blocks drones over DHS operations, Microsoft admits it hands over Bitlocker encryption keys to the cops, and more.Photograph: Kevin Dietsch/Getty ImagesSave StorySave this storySave StorySave this storyLaw enforcement authorities in the United States have for years circumvented the US Constitution’s Fourth Amendment by purchasing data on US residents that would otherwise need to be obtained by a warrant. Today, Immigration and Customs Enforcement apparently thinks it can ignore long-standing constitutional protection by warrantlessly breaking down doors to arrest people, according to a recent whistleblower complaint—despite recent federal rulings that doing so violates the Fourth Amendment.Such is the news coming out of Minneapolis this week, where protesters and the federal government continued their standoff—even as ICE plans to build out a deportation network spanning Minnesota and four other states. And despite the Department of Homeland Security’s claims that merely naming an ICE agent publicly is akin to “doxing,” a WIRED review of LinkedIn found that agents are frequently doxing themselves. Of course, having access to someone’s personal information can have consequences: A report this week found that people are less likely to seek medical care due to ad-tech surveillance and ICE enforcement activities.Immigration authorities aren’t just raiding people’s homes without a judge-signed warrant—they’re also looking for drugs. Customs and Border Protection this week put out feelers for a “quantum sensor” that’s capable of detecting fentanyl that ties into an “AI database.”In non-immigration news, a researcher recently discovered an unsecured database containing 149 million login credentials. The usernames and passwords appear linked to accounts for everything from Gmail, Facebook, and Apple to government systems around the world. The researcher who found the database, Jeremiah Fowler, believes the stolen logins were collected by infostealing malware. The database, which was accessible to anyone on the internet, has since been taken offline.TikTok, meanwhile, has begun collecting even more data on its users—including precise location data—after the social video app was sold to US investors.But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.DOGE May Have Misused Social Security Data, DOJ AdmitsThe Trump administration this week admitted in court documents that operatives with the so-called Department of Government Efficiency (DOGE) may have shared data from the Social Security Administration (SSA) with an outside group that seeks to “overturn election results in certain states,” according to a January 16 Department of Justice court filing. However, it is not clear to the DOJ whether the unnamed “DOGE Team members” actually shared the data with the group, which was unidentified in the court records.The filing, which seeks to “correct” previous testimony, also says DOGE operatives “were using links to share data through the third-party server ‘Cloudflare,’” which is “not approved for storing SSA data and when used in this manner is outside SSA’s security protocols.” The filing further says that Steve Davis, a high-ranking adviser to Elon Musk, was copied on a March 3, 2025, email that included an attached password-protected file containing the names and addresses of around 1,000 people, which was taken from SSA systems of record. The SSA was not able to determine, however, whether Davis accessed the file, which remained inaccessible to current SSA workers as of the date of the court filing.The FAA Is Creating No-Fly Zones Around DHS OperationsThe Federal Aviation Administration has taken the unusual step of including "Department of Homeland Security facilities in mobile assets" in a "no-fly zone" announcement, 404 Media reports. The notice restricts "unmanned aircraft," which would include commercial drones used to capture aerial footage, from being used within 3,000 feet horizontally and up to 1,000 feet of altitude above DHS assets. According to 404 Media, people caught violating the restrictions could face criminal charges, civil penalties, or even lose their authority to fly drones in the future.Under Armour Investigating Data Breach Claims After Leak of Millions of Customer RecordsIf you're breaking out your thermals in preparation for this weekend's giant winter storm, you might want to check to see if you bought it from Under Armour. TechCrunch reports that the clothing and fitness app company is investigating a potential data breach after a hacker posted millions of customer records online. The data breach notification site Have I Been Pwned informed 72 million individuals by email about the leak and says that the dataset included names, email address, genders, dates of birth, approximate location, and information related to purchases. An Under Armour spokesperson told TechCrunch that the company was aware of claims about the breach, had engaged "external cybersecurity experts" for help, and did not have evidence that the issue affected systems to process payments or store customer passwords.Microsoft Confirms It Hands Out Bitlocker Encryption Keys to CopsWhen you encrypt your laptop’s hard drive, you likely expect that means only you, the computer’s owner, will be able to decrypt it at will and access your data. If you follow Microsoft’s recommendation of storing your decryption key in the cloud for easier recovery of your data if you lose the key or forget your password to unlock it, then you you’ll need to update your security expectations: Microsoft has confirmed that it often hands out those decryption keys to law enforcement at an agency’s request, giving them full access to the machine’s secrets. Forbes found an instance when Microsoft complied with an FBI request for decryption keys for a computer in Guam that was part of a fraud investigation. Microsoft went on to confirm to Forbes that it receives about 20 requests for Bitlocker keys a year from law enforcement and often complies. The company added that it can’t comply, however, when the key is stored only locally by the user—an instructive note for cypherpunks everywhere.Iranian State TV Hijacked to Air Anti-Regime Protest MessageThe Iranian government has shut off the country’s internet for weeks amid protests that have swept the country. But anti-regime voices this week found another way to reach the country’s populace: an apparent hacking operation hijacked the country’s state TV satellite to air a message in support of protesters, thousands of whom have died amid the recent uprising. The clip, which featured the son of the former ruler of Iran, Reza Pahlavi, called on military and security forces to join protesters and fight the regime. “Don’t point your weapons at the people,” one graphic in the broadcast read. “Join the nation for the freedom of Iran.” According to some reports, the unauthorized message lasted as long as 10 minutes before the state TV channel resumed its normal programming.You Might Also LikeIn your inbox: Maxwell Zeff's dispatch from the heart of AIThe best EVs coming in 2026Big Story: Your first humanoid coworker will be ChineseWhat to do if ICE invades your neighborhoodSpecial edition: You’re already living in the Chinese centuryWritten by WIRED StaffTopicssecurity roundupImmigration and Customs EnforcementsecurityprivacyencryptioncybersecurityhackingTikTokRead MoreICE Can Now Spy on Every Phone in Your NeighborhoodPlus: Iran shuts down its internet amid sweeping protests, an alleged scam boss gets extradited to China, and more.Former CISA Director Jen Easterly Will Lead RSAC ConferenceThe longtime cybersecurity professional says she’s taking the helm of the legacy security organization at “an inflection point” for tech and the world beyond.The Most Dangerous People on the Internet in 2025From Donald Trump to DOGE to Chinese hackers, this year the internet’s chaos caused outsize real-world harm.Why ICE Can Kill With ImpunityOver the past decade, US immigration agents have shot and killed more than two dozen people. Not a single agent appears to have faced criminal charges.Fears Mount That US Federal Cybersecurity Is Stagnating—or WorseGovernment staffing cuts and instability, including this year’s prolonged shutdown, could be hindering US digital defense and creating vulnerabilities.ICE Agent Who Reportedly Shot Renee Good Was a Firearms Trainer, per TestimonyJonathan Ross told a federal court in December about his professional background, including “hundreds” of encounters with drivers during enforcement actions, according to testimony obtained by WIRED.FBI Agent’s Sworn Testimony Contradicts Claims ICE’s Jonathan Ross Made Under OathThe testimony also calls into question whether Ross failed to follow his training during the incident in which he reportedly shot and killed Minnesota citizen Renee Good.What to Do if ICE Invades Your NeighborhoodWith federal agents storming the streets of American communities, there’s no single right way to approach this dangerous moment. But there are steps you can take to stay safe—and have an impact.AI’s Hacking Skills Are Approaching an ‘Inflection Point’AI models are getting so good at finding vulnerabilities that some experts say the tech industry might need to rethink how software is built.The Worst Hacks of 2025From university breaches to cyberattacks that shut down whole supply chains, these were the worst cybersecurity incidents of the year.The New Surveillance State Is YouPrivacy may be dead, but civilians are turning conventional wisdom on its head by surveilling the cops as much as the cops surveil them.Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and TrackingFlaws in how 17 models of headphones and speakers use Google’s one-tap Fast Pair Bluetooth protocol have left devices open to eavesdroppers and stalkers.WIRED is obsessed with what comes next. Through rigorous investigations and game-changing reporting, we tell stories that don’t just reflect the moment—they help create it. When you look back in 10, 20, even 50 years, WIRED will be the publication that led the story of the present, mapped the people, products, and ideas defining it, and explained how those forces forged the future. WIRED: For Future Reference.SubscribeNewslettersTravelFAQWIRED StaffWIRED EducationEditorial StandardsArchiveRSSSite MapAccessibility HelpReviewsBuying GuidesStreaming GuidesWearablesCouponsGift GuidesAdvertiseContact UsManage AccountJobsPress CenterCondé Nast StoreUser AgreementPrivacy PolicyYour California Privacy Rights© 2026 Condé Nast. All rights reserved. WIRED may earn a portion of sales from products that are purchased through our site as part of our Affiliate Partnerships with retailers. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast. Ad ChoicesSelect international siteUnited StatesLargeChevronItaliaJapónCzech Republic & SlovakiaFacebookXPinterestYouTubeInstagramTiktok

The Department of Homeland Security’s (DHS) increasingly aggressive tactics, exemplified by the recent admission regarding the “Department of Government Efficiency” (DOGE) team, highlight a troubling trend of circumventing constitutional protections. This admission, revealed in a January 16th court filing, indicates that ICE operatives, operating under the guise of DOGE, engaged in sharing Social Security Administration (SSA) data with an unidentified group allegedly aiming to overturn election results in several states. This raises serious concerns about the potential abuse of power and the erosion of civil liberties. The use of Cloudflare, an unapproved platform for storing SSA data, further underscores the agency’s disregard for established security protocols.

Beyond this specific incident, the DOJ’s acknowledgment reflects a broader pattern of DHS actions. The agency’s attempts to frame public scrutiny of its agents as “doxing,” a term often used to discredit legitimate concerns, reveals a strategy to stifle dissent and limit transparency. The DOJ’s attempt to “correct” previous testimony demonstrates a deliberate effort to conceal information and manage public perception.

Several related developments further exacerbate these anxieties. The FAA’s establishment of a “no-fly zone” around DHS facilities, utilizing unmanned aircraft restrictions, signals a heightened level of security preparedness, but also raises concerns about potential surveillance capabilities. The investigation into Under Armour’s data breach, revealing the exposure of millions of customer records including names, email addresses, and purchase history, exemplifies the pervasive nature of data breaches and the risks associated with storing sensitive information.

Furthermore, Microsoft’s admission of routinely handing out Bitlocker encryption keys to law enforcement agencies highlights a significant security vulnerability. The practice, often implemented at the request of law enforcement, allows agencies access to the encryption keys needed to unlock computers, effectively giving them a backdoor into individuals' data. This underscores the potential for misuse and raises questions about accountability.

The cybersecurity landscape is increasingly complex and fraught with risk. The discovery of massive, unsecured databases, like the one detailing 149 million login credentials, reflects a systemic issue of data vulnerability and a lack of robust security practices. The threat posed by sophisticated actors, such as Chinese hackers, adds another layer of urgency.

Finally, the ongoing disruptions caused by government shutdowns and staffing shortages within agencies like CISA contribute to a weakened state of cybersecurity preparedness. The DOJ’s attempt to manage public perception—particularly in the wake of ICE agent Jonathan Ross's controversial actions—only serves to amplify these concerns. The fact that Ross was a firearms trainer, and had "hundreds" of encounters with drivers during enforcement actions, creates further questions regarding agency oversight and the potential for escalation of force situations.

Ultimately, these events collectively paint a picture of a security apparatus operating with insufficient accountability, potential disregard for constitutional protections, and a reliance on evolving, potentially vulnerable technologies.