DGE A.I CyberSecurity Scoring
DGE
Company Information
Website:https://doge.gov/
Employees number:7
Number of followers:0
NAICS:92
Industry Type:Government Administration
Homepage:doge.gov
DGE Risk Score (AI oriented)
Between 750 and 799
DGEGovernment Administration
Updated:
09/03/2026
09/03/2026
794/1000
Fair
Baa
DGE Global Score (TPRM)
xxxx
DGEGovernment Administration
Score locked

DGEFair
Current Score
794Baa (FAIR)
01000
1 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
795
JUNE 2026
795
MAY 2026
795
APRIL 2026
795
MARCH 2026
794
FEBRUARY 2026
794
JANUARY 2026
794
DECEMBER 2025
794
NOVEMBER 2025
794
OCTOBER 2025
793
SEPTEMBER 2025
793
AUGUST 2025
793
MARCH 2025
806
Vulnerability
01 Mar 2025 • DGE
Chainlit, Ingram Micro, U.S. Department of Government Efficiency, Canadian Investment Regulatory Organization and SK Telecom: Breach Roundup: DOGE Uploaded Social Security Data to Cloud
Weekly Cybersecurity Breach Roundup: DOGE Data Exposure, CIRO Phishing Attack, and Rising Threats
791
CRITICAL-15
THEINGDEPCIRTIM1769124673
Weekly Cybersecurity Breach Roundup: DOGE Data Exposure, CIRO Phishing Attack, and Rising Threats
This week’s cybersecurity landscape saw multiple high-profile incidents, including unauthorized data sharing by the U.S. Department of Government Efficiency (DOGE), a massive phishing breach in Canada, and a surge in critical vulnerabilities.
### U.S. DOGE Staff Exposed Social Security Data via Unauthorized Cloudflare Server
Federal prosecutors confirmed that staff from Elon Musk’s Department of Government Efficiency (DOGE) uploaded sensitive Social Security Administration (SSA) data to an unauthorized Cloudflare server in March 2025. The breach, first reported by a whistleblower in August, involved employees sharing data via third-party links between March 7 and 17. The SSA remains uncertain whether the data was removed from Cloudflare.
The incident is part of ongoing litigation over DOGE’s activities at the SSA, which critics claim wasted $21.7 billion. Prosecutors also revealed that a DOGE employee signed an agreement with a political advocacy group seeking voter fraud evidence, potentially linking SSA data to voter rolls. Two DOGE employees were referred to the U.S. Office of Special Counsel for possible Hatch Act violations, which prohibit federal employees from partisan activities.
Additionally, a DOGE team member sent an encrypted file believed to contain names and addresses of 1,000 individuals to the Department of Homeland Security and a DOGE advisor at the Department of Labor. The SSA has been unable to decrypt the file. Another DOGE employee continued accessing the "Numident" database containing Social Security card applications and death records despite a court order revoking access.
### Canadian Investment Regulatory Organization (CIRO) Phishing Breach Affects 750,000 Investors
The Canadian Investment Regulatory Organization (CIRO) disclosed a phishing attack in August 2025 that exposed sensitive data of approximately 750,000 investors. Compromised information includes names, contact details, dates of birth, Social Insurance numbers, government-issued IDs, investment account numbers, and account statements. CIRO confirmed that login credentials, passwords, and security questions were not accessed.
### UK NCSC Warns of Rising Russia-Aligned Hacktivist DDoS Attacks
The UK’s National Cyber Security Centre (NCSC) issued an alert about increased denial-of-service (DDoS) attacks by Russian-aligned hacktivist groups, including NoName057(16). Targets include government bodies, local authorities, and critical infrastructure operators. The NCSC advised organizations to strengthen defenses with traffic filtering, web application firewalls, and rate-limiting policies.
### Ingram Micro Ransomware Attack Exposes 42,000 Employee Records
IT distributor Ingram Micro suffered a July 2025 ransomware attack by the SafePay gang, which stole 3.5 terabytes of data, including names, birthdates, Social Security numbers, passport details, and employment records. The breach affected 42,521 individuals. Ingram took systems offline to contain the attack, causing service disruptions before restoring operations by July 9. SafePay later published the stolen data after Ingram refused to pay the ransom.
### CVE Disclosures Surge 21% in 2025
Vulnerability disclosures reached 48,185 in 2025 a 20.6% increase from the previous year with 3,984 critical and 15,003 high-severity flaws. December alone accounted for 5,500 CVEs, while February 26 saw a record 793 disclosures in a single day. Nearly 30% of exploited vulnerabilities were weaponized within one day of disclosure, and 25.8% lacked analysis in the National Vulnerability Database, complicating mitigation efforts.
### SK Telecom Challenges $91 Million Data Leak Fine
South Korea’s SK Telecom is contesting a $91 million fine the largest ever imposed by the country’s privacy watchdog after a 2025 data breach exposed all 23 million of its mobile subscribers. The delayed disclosure led to a broader investigation, prompting SK Telecom to offer free USIM replacements. A ransomware group, CoinbaseCartel, later claimed responsibility, alleging it stole source code, project files, and AWS keys via a compromised Bitbucket account.
### Critical Chainlit Vulnerabilities Expose AI Data and Cloud Infrastructure
Security researchers at Zafran Labs disclosed two critical flaws in the open-source AI framework Chainlit (CVE-2026-22218 and CVE-2026-22219). The vulnerabilities allow arbitrary file reads and server-side request forgery (SSRF), enabling attackers to access sensitive data, including AI prompts and credentials, and probe internal networks. Chainlit released patches to address the issues.
### North Korean Hackers Abuse Microsoft VS Code for Malware Delivery
North Korean threat actors expanded their "Contagious Interview" campaign, using Microsoft Visual Studio Code to execute malware via malicious Git repositories. Victims are tricked into opening projects that automatically run attacker-controlled commands, deploying the EtherRAT macOS trojan. The group has also leveraged developer-friendly platforms like Vercel for command-and-control infrastructure.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for DGE ??
What was DGE's A.I Rankiteo Cyber Score in June 2026 ??
What was DGE's A.I Rankiteo Cyber Score in May 2026 ??
What was DGE's A.I Rankiteo Cyber Score in April 2026 ??
What was DGE's A.I Rankiteo Cyber Score in March 2026 ??
What was DGE's A.I Rankiteo Cyber Score in February 2026 ??
What was DGE's A.I Rankiteo Cyber Score in January 2026 ??
What was DGE's A.I Rankiteo Cyber Score in December 2025 ??
What was DGE's A.I Rankiteo Cyber Score in November 2025 ??
What was DGE's A.I Rankiteo Cyber Score in October 2025 ??
What was DGE's A.I Rankiteo Cyber Score in September 2025 ??
What was DGE's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on DGE's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with DGE ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view DGE's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?