Did DOGE cause a data breach during 2025?
Resolves YES if sensitive government data is breached via DOGE. Resolves NO otherwise. This can resolve to a percentage if there is a data breach but it's not clear whether it was caused by DOGE. I will use my judgment to resolve this market and offer the following guidance as to what I am looking for in terms of a data breach. DOGE includes DOGE initiatives, systems, processes, and employees, including cases where DOGE is working with other government departments. This does not include authorized release of sensitive data. It does include data being stolen by adversaries, accidentally published on the internet, or being anonymously leaked to newspapers. Update 2025-02-16: This does not include re-release of data that was publicly available prior to 2025-01-20. This does not include temporary loss of access to data. It does include permanent loss of data due to ransomware, destructive attacks by adversaries, or accidental deletion of data. Update 2025-02-16: data loss lasting for several days can also count as a data breach. This does not include technical breaches of laws or regulations that increased the risk of a breach, if no breach occurs as a result, nobody is prosecuted, and nobody is pardoned. For example, Hillary Clinton's private email server was not a data breach for the purpose of this market. Update 2025-02-16: This does not include temporary website defacement. It does include attackers gaining write access to sensitive data. It does include other data breaches that occurred during a website defacement attack. Update 2025-04-01 (PST) (AI summary of creator comment): Intentional but Unauthorized Release: Even if a data release is intentional, it must be unauthorized to count as a breach. Examples like the Snowden case illustrate that intentional actions can still be breaches if not properly authorized. Government Affiliation Clarification: Although DOGE is part of the government, its actions are not automatically considered authorized. Each incident must be evaluated to determine if the release was unauthorized. Update 2025-04-02 (PST) (AI summary of creator comment): Doge Involvement Clarification: Only breaches directly caused by DOGE count. If another agency releases or publishes sensitive data accidentally or otherwise with no DOGE involvement, it does not qualify as a data breach for this market. Update 2025-05-09 (PST) (AI summary of creator comment): Regarding the compromise of a DOGE employee's personal device (e.g., infected by malware), the following criteria are important for market resolution: Whether the infected device was used for government work. Whether the employee shared credentials with government accounts, and these credentials were potentially exposed or compromised as a result of the device's infection. Update 2026-01-10 (PST) (AI summary of creator comment): Accidental vs. Intentional Publication: The fact that DOGE deleted documents 16 minutes after posting them is evidence that the publication was accidental rather than intentional, which supports counting it as a data breach under the "accidentally published on the internet" criterion. Update 2026-01-14 (PST) (AI summary of creator comment): Timing of Research and Resolution: The creator waited until the market closed to conduct AI-powered research over the entire 12-month period to assess potential data breaches, taking advantage of improving AI capabilities and the possibility that news during the year might make resolution straightforward. Update 2026-01-14 (PST) (AI summary of creator comment): Public Information Exclusion: If the data that was published (such as tax ID, address, and contract information) was already publicly available prior to the incident, it does not count as a data breach for this market's purposes. Update 2026-03-14 (PST) (AI summary of creator comment): Regarding a DOGE staffer taking data for personal use or to share with a future employer: Not a breach: Employee took documents, kept them controlled (e.g., in a garage), returned them with no copies or leaks Breach: Employee took documents and showed them to a future employer or friends Breach: Employee took documents and used them for personal gain Not a breach: Employee uploaded data to a private, password-protected cloud server with clean download records and no unaccounted access Breach: Employee uploaded data to an unprotected or compromised server where access cannot be confirmed or controlled Public disclosure is not required to qualify as a breach (e.g., emailing secrets to a foreign adversary counts).
