Van Hollen, Warren, Colleagues Slam Education Department’s “Woefully Inadequate,” “Misleading” Response to Senate Inquiry on DOGE’s Access to Borrower’s Personal Information

U.S. Senator Chris Van Hollen (D-Md.) joined Senator Elizabeth Warren (D-Mass.), Ranking Member of the Senate Committee on Banking, Housing, and Urban Affairs (BHUA), and 12 of their colleagues, including Senate Minority Leader Chuck Schumer (D-N.Y.), in writing a letter to Acting Secretary of Education Denise Carter, raising concerns about the Department of Education’s (ED; the Department) response to their inquiry into the Department of Government Efficiency’s (DOGE) access to millions of student loan borrowers’ personal data. Earlier this week, a federal court blocked DOGE’s access to sensitive ED databases with borrower information.

The letter was joined by Senators Cory Booker (D-N.J.), Richard Durbin (D-Ill.), Ed Markey (D-Mass.), Jeff Merkley (D-Ore.), Ben Ray Luján (D-N.M.), Angela Alsobrooks (D-Md.), Alex Padilla (D-Calif), Richard Blumenthal (D-Conn.), Mazie Hirono (D-Hawaii), Tina Smith (D-Minn.), Ron Wyden (D-Ore.), and Peter Welch (D-Vt.).

“[T]he Department’s response was woefully inadequate, may have contained misleading information, and raised new concerns about the nature and extent of DOGE’s access to the Department’s internal systems,” wrote the senators. 

ED’s response to the senators’ initial letter failed to answer basic questions about DOGE’s access to student loan borrowers’ personal data. 

• The Department refused to confirm or deny whether DOGE had been granted access to the National Student Loan Data System or other databases with sensitive federal student loan data. 
• ED claimed it was committed to following “applicable laws and regulations” regarding management of borrower data, but it did not provide any information about if, how, why, by whom, and to what extent DOGE was granted access to these databases. 
• While ED said the DOGE team was onboarded through the proper processes, “including background investigation and system access authorization,” additional information indicates that at least one DOGE employee granted access “ha[d] not yet completed ethics or information security trainings” according to a declaration submitted in federal court two days before ED’s response. 

ED also shared new information about the extent of DOGE’s access to other sensitive databases, saying that DOGE “is currently supporting a review of Department and Federal Student Aid (FSA) contracts to identify possible efficiencies…To support this work, one employee had read-only access to two of FSA’s internal systems.” But the Department failed to provide full and declarative information about which DOGE or ED employees had access to which datasets, what they were doing with that access, whether any data is being fed through Artificial Intelligence systems, and why one employee’s access to FSA’s internal systems was revoked. 

ED also failed to provide information on how it intends to ensure data at the department is not compromised or misused, saying only that “robust protections in place to ensure data are secure,” but not providing specifics. 

“The Department’s evasive response, in addition to the recent news that a federal judge has blocked ED from sharing sensitive data with DOGE due to potential violations of federal law, heightens our concerns about whether ED may have violated the law or the federal government’s procedures in handling this data,” concluded the lawmakers. 

The 15 senators pressed the Acting Secretary to provide more information about DOGE employees’ or affiliates’ access to ED’s databases, the safeguards in place to protect federal student loan data, the status of DOGE’s work at the department, and more by March 5, 2025. 

Full text of the letter is available here and below:

Dear Acting Secretary Carter:

On February 7, 2025, we wrote to the Department of Education (ED or the Department) regarding reports that Elon Musk’s Department of Government Efficiency (DOGE) had infiltrated the Department and gained access to millions of student loan borrowers’ personal data.1 Our letter raised concerns about whether officials who had access to the data may have violated the law or the federal government’s procedures for handling sensitive information—and whether DOGE employees had accessed other sensitive databases too. The Department responded to our inquiry on February 18, 2025. Following news that a federal judge has granted a temporary restraining order blocking ED from sharing sensitive data with DOGE, we write now because the Department’s response was woefully inadequate, may have contained misleading information, and raised new concerns about the nature and extent of DOGE’s access to the Department’s internal systems.2

In its response to our letter, ED failed to answer basic questions about DOGE’s access to student loan borrowers’ personal data. The Department refused to confirm or deny whether DOGE had been granted access to the National Student Loan Data System or other databases with sensitive federal student loan data.3 While the Department claimed that it was “committed to adhering to all applicable laws and regulations concerning the management of borrower data,” it neglected to answer any of our questions about if, how, why, by whom, and to what extent DOGE was granted access to borrower data.4 Furthermore, ED said the DOGE team “was onboarded through Department processes, including background investigation and system access authorizations.”5 Yet, according to a declaration submitted in federal court by one DOGE employee two days before the Department’s response, “there are six” DOGE individuals “who have been granted access to Department information technology and data systems” and “one of the six employees…has not yet completed ethics or information security trainings.”6

The Department also shared new information about the extent of DOGE’s access to other sensitive databases, indicating that:

The DOGE is currently supporting a review of Department and Federal Student Aid (FSA) contracts to identify possible efficiencies. … To support this work, one employee had read-only access to two of FSA’s internal systems: the Financial Management System (FMS), which includes financial data for FSA’s Title IV loan and grant programs, and Partner Connect, the primary portal that supports institutions of higher education that participate in the Title IV programs.7

However, this answer was frustratingly vague and incomplete, failing to provide full, complete, and declarative answers about which DOGE or ED employees had access to which datasets and what they were doing with that access. For example, while ED assured us that “[a]ll borrower data remain inside the Department’s network and are not being fed through any Artificial Intelligence system,” ED did not make similar assurances with respect to other data including data in FMS and Partner Connect,8 a troubling gap given that public reports based on multiple sources indicate that “[r]epresentatives from Elon Musk’s U.S. DOGE Service have fed sensitive data from across the Education Department into artificial intelligence software to probe the agency’s programs and spending.”9 Additionally, while the letter notes that one employee had read-only access to FMS and Partner Connect, the letter does not explain whether and to what extent other DOGE employees retain access to these or other databases.10 Alarmingly, the Department also disclosed that the one “employee’s access to the FMS and Partner Connect systems has since been revoked,” raising questions about what happened and why the employee was no longer allowed to view the data.11

Finally, whether in regard to personal student loan borrower data or other financial data pertinent to federal grants and partner institutions, ED failed to provide information on how it intends to ensure ED data is not compromised or misused. Indeed, the Department assured us that it has “robust protections in place to ensure data are secure” but failed to answer any of our questions about what safeguards and procedures are in place to protect this data, whether DOGE officials followed those procedures, and how ED will ensure that DOGE’s interventions “do not interfere with the timely disbursement of federal aid.”12

The Department’s evasive response, in addition to the recent news that a federal judge has blocked ED from sharing sensitive data with DOGE due to potential violations of federal law,13 heightens our concerns about whether ED may have violated the law or the federal government’s procedures in handling this data. Given your failure to answer our questions, we again ask you to provide the following information by March 5, 2025:

1. Have any DOGE- or DOGE-affiliated individuals been provided access to the National Student Loan Data System or other databases with sensitive federal student loan data? If so:

a. Please list all individuals who have gained access to borrowers’ personal data. What are these individuals’ job titles and responsibilities? Are they federal government employees? What is the nature of their service (e.g., Special Government Employee, Competitive Service, Senior Executive Service)?

b. What procedures were followed in giving these individuals access? Did the individuals who were granted access to these systems have appropriate authorization and clearances?

c. What data can these individuals access?

d. Do these individuals have the ability to download or copy data or to modify programs or systems for maintaining and analyzing data?

e. Who decided to give these individuals access?

f. What was the rationale for granting these individuals access?

2. Please describe what safeguards are in place to ensure that federal student loan data is not misused.

a. What safeguards and procedures are in place to protect borrowers’ personal data?

b. Did the Department and DOGE or DOGE-affiliated officials follow these safeguards and procedures? 

c. What safeguards and procedures are in place to protect borrower’s data privacy within the rest of the federal student aid system and ensure that DOGE staffers do not interfere with the timely disbursement of federal aid?

3. Have DOGE or DOGE-affiliated individuals been provided access to any other sensitive databases managed by the Education Department? If so:

a. Please list and describe all those databases.

b. Please list all individuals who have gained access to those databases. What are these individuals’ job titles and responsibilities? Are they federal government employees? What is the nature of their service (e.g., Special Government Employee, Competitive Service, Senior Executive Service)? 

c. What procedures were followed in giving these individuals access? Did the individuals who were granted access to these systems have appropriate authorization and clearances?

d. What data can these individuals access?

e. Do these individuals have the ability to download or copy data or to modify programs or systems for maintaining and analyzing data?

f. Who decided to give these individuals access?

g. What was the rationale for granting these individuals access?

In addition to the aforementioned questions that you failed to answer, please provide the following information to our offices by March 5, 2025: 

1. In your response to our letter, you indicated that “all borrower data” remained inside ED’s network and the data was “not being fed through any Artificial Intelligence system.”14 Is there any ED data, including FSA contracts, that was fed through an artificial intelligence system by DOGE? If so, please provide a complete list of all such data.

2. In your response to our letter, you said that “DOGE is currently supporting a review of Department and Federal Student Aid (FSA) contracts to identify possible efficiencies.”15

a. What findings has this review uncovered thus far?

b. Does DOGE still have access to any FSA contracts or other ED contracts that are not publicly viewable?

c. Has this review led to any changes in FSA’s activities or policies? If so, what specifically has changed? 

d. Are DOGE or DOGE-affiliated officials participating in any other activities in which they have access to sensitive ED data? If so, please describe these activities.

3. You indicated in your response that the singular employee’s access to “FMS and Partner Connect systems has since been revoked.”16

a. Who was the singular employee who received access to both systems?

b. Why was this employee’s access revoked?

c. Was the employee terminated? If so, what was the basis of termination?

d. How long did this employee have access to FMS and Partner Connect systems?

e. Did this employee share data from either or both of these systems with anyone else?

f. Please describe the onboarding for DOGE individuals “through Department processes.”17 How did this onboarding for this employee differ from the onboarding process for other members of the DOGE team?

4. A sworn statement from one of the DOGE employees at ED sheds light on the individuals with access to data from ED. In his declaration, he said there were six individuals, two employees from ED, two from DOGE, and two from other federal agencies.18 He further noted that one of the individuals did not complete their onboarding training prior to gaining access to the Department’s data.19

a. Did all DOGE employees complete required onboarding processes, including background investigation and system access authorizations, prior to accessing sensitive ED databases? If not, how long did any employees have unauthorized access before ED realized those individuals did not have authorization?

b. You provided information on the access provided to one of these six individuals. What ED data or other information do the remaining five DOGE- or DOGEaffiliated employees have?

Thank you for your attention to this important matter.

Sincerely,