(Washington, August 1) - Ranking Member Edward J. Markey (D-Mass.) today sent a letter to Small Business Administration (SBA) Administrator Kelly Loeffler demanding answers regarding the unprecedented collection of private user data by the so-called Department of Government Efficiency (DOGE). On July 30, 2025, Wired reported that unvetted DOGE operatives gained wide-ranging access to SBA’s information systems and the National Finance Center (NFC), which contain the private personal information of small business owners and Americans across the country.
In February, Ranking Member Markey wrote to SBA Acting Administrator Everett Woodel, Jr. requesting information on early reports that DOGE had gained access to SBA’s information systems. The response was dismissive. In addition, during Administrator Loeffler’s May 21, 2025, testimony before the Small Business and Entrepreneurship Committee, she stated that she was “proud that we are working alongside the DOGE team, who are not partisan, but patriots and business leaders who care about the future.” However, it is clear Administrator Loeffler allowed DOGE to run rampant, stomping on the right to privacy and government accountability.
In the letter, Ranking Member Markey writes, “Recent reporting suggests that my worst fears about the collection and nefarious repurposing of Americans’ private, personal information by the Department of Government Efficiency (DOGE) have been realized. Under your watch, unvetted DOGE employees with no background in data security protocols appear not only to have gained access to the Small Business Administration’s (SBA) information systems but used that access to infiltrate the National Finance Center (NFC), which holds personally identifiable information (PII) collected from several federal agencies. Yet you have shown no concern about this undermining of security protocols established by decades-old laws. The American people deserve to know the extent to which unvetted DOGE staffers have accessed their sensitive business and personal information and to what end that information is now being used.”
Ranking Member Markey continues, “Let me be clear: DOGE is not a legitimate government agency. Under no circumstances should any DOGE staffers have access to small business owners’ PII. As SBA Administrator, you are accountable to Congress and to the American people. Concealing what DOGE did at SBA is dangerous, unpatriotic, and an abdication of your responsibility.”
Ranking Member Markey requests answers by August 8, 2025, to the following questions:
- What did DOGE, including Edward Coristine and Donald Park, do with the sensitive information they stole from the SBA and the American people?
- Has DOGE centralized the information stolen from SBA and other federal agencies? If so, where is this data stored? What is the intent behind centralizing Americans’ data?
- What steps did SBA take to authenticate, vet, or supervise DOGE staffers? Were background checks or government credentials verified? If so, what level of clearance did Edward Coristine, Donald Park, and other DOGE staffers hold?
- Did SBA’s general counsel review and offer an opinion on DOGE’s actions with respect to their legality under the Privacy Act, Federal Information Security Modernization Act, the Computer Matching and Privacy Protection Act, and other federal statutes that govern payment systems, privacy protections, interagency data sharing, and federal audit standards?
- What data privacy and protection trainings are SBA employees required to undergo? Did DOGE staffers at SBA undergo the same training?
