SBA spokesperson Caitlin O’Dea says, “As federal employees, all personnel are subject to a rigorous clearance protocol prior to interacting with agency data. SBA is grateful to those who have helped uncover millions in fraud, waste, and abuse on behalf of American taxpayers and small businesses.”
“Oversight Democrats demand to know if this kid—and any of the DOGE employees shuffling through Americans’ sensitive data—have passed the required background checks and clearances. DOGE continues to put the whims of the White House over the safety, security, and well-being of the American people and our nation,” Stephen Lynch, member of the House Oversight Committee, tells WIRED in a statement.
The White House did not respond to a request for comment.
Shortly after Kucharski’s initial request, Park sent an email to Coristine with the subject line, “List of systems.” Coristine then forwarded this request to Kucharski. An hour after that, Coristine emailed another SBA employee with the subject line, “RE: Access to Oracle & SQL Server Databases.”
This appears to have put Coristine in position to potentially access significant amounts of sensitive personal information. The SBA supports small businesses and entrepreneurs by helping them access loans, government contracts, and business counseling and educational resources. As part of its routine processes, according to a current SBA employee who asked not to be named because they are not authorized to speak to the press, “we collect a lot of data, like employer identification numbers (EINs), North American Industry Classification System (NAICS) numbers, and Social Security numbers.”
Coristine would likely have had access to this sort of information because he was, according to emails obtained by WIRED, granted access to records and systems including the Capital Access Financial System (CAFS), the SBA’s main portal for submitting and servicing loans His access further encompassed several CAFS subsystems that can contain granular information on loans and loan applications.
“Each one on its own doesn’t have boatloads of information, but added together, the CAFS system as a whole, if you flip between the tabs, has all of the information from loan applications, street addresses, tax IDs, additional notes from SBA investigations and holds, etc.,” says a second SBA source familiar with some of the systems Coristine and Park had sought to gain access to, also on the condition of anonymity as they were not authorized to speak to the press.
Additionally, the source says, CAFS does have fields for citizenship status and for an alien registration number for noncitizens, as well as, the street address of the business, race, gender of the person listed as principal.
Though agencies will sometimes loan staffers to each other for specific projects or to share particular expertise, Moynihan says that a single person or group of people “operating in multiple agencies, accessing multiple data sets at the same time is really unusual.”
“I can’t think of another example like this,” he says.
While the emails reveal little about the purpose of DOGE’s access to these systems at SBA and NFC, Moynihan says, “the sensitivity of the data leads us to worry about the worst case scenario.”
In April, WIRED reported that DOGE was marrying datasets across several agencies to support the Trump administration’s immigration agenda, and to particularly target immigrants for removal or other forms of law enforcement.
“We’re left speculating what the intention was here, given the information vacuum created by DOGE,” says Moynihan.
