Senator Edward J. Markey, the ranking member of the Senate Small Business and Entrepreneurship Committee, has sent a letter to Small Business Administration (SBA) Administrator Kelly Loeffler seeking information about the Department of Government Efficiency’s (DOGE) access to private user data. The request follows a July 30, 2025 Wired report indicating that DOGE operatives, who were not vetted, gained extensive access to SBA’s information systems and the National Finance Center (NFC). These systems hold sensitive personal information belonging to small business owners and other Americans.
Earlier in February, Senator Markey had written to then-Acting SBA Administrator Everett Woodel, Jr., asking for details on initial reports of DOGE’s access. According to Markey, the response was dismissive. In May 2025 testimony before the committee, Administrator Loeffler stated she was “proud that we are working alongside the DOGE team, who are not partisan, but patriots and business leaders who care about the future.” However, Markey criticized this cooperation and expressed concern over privacy violations.
In his letter to Loeffler, Senator Markey wrote: “Recent reporting suggests that my worst fears about the collection and nefarious repurposing of Americans’ private, personal information by the Department of Government Efficiency (DOGE) have been realized. Under your watch, unvetted DOGE employees with no background in data security protocols appear not only to have gained access to the Small Business Administration’s (SBA) information systems but used that access to infiltrate the National Finance Center (NFC), which holds personally identifiable information (PII) collected from several federal agencies. Yet you have shown no concern about this undermining of security protocols established by decades-old laws. The American people deserve to know the extent to which unvetted DOGE staffers have accessed their sensitive business and personal information and to what end that information is now being used.”
He continued: “Let me be clear: DOGE is not a legitimate government agency. Under no circumstances should any DOGE staffers have access to small business owners’ PII. As SBA Administrator, you are accountable to Congress and to the American people. Concealing what DOGE did at SBA is dangerous, unpatriotic, and an abdication of your responsibility.”
Markey has requested answers by August 8 regarding how individuals associated with DOGE—including Edward Coristine and Donald Park—handled sensitive data taken from SBA systems; whether this data has been centralized or stored elsewhere; what steps were taken by SBA in vetting or supervising these individuals; if legal reviews were conducted under relevant privacy laws; and whether all required privacy training was completed.
