Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 1 of 60

UNITED STATES DISTRICT COURT

FOR THE SOUTHERN DISTRICT OF NEW YORK

STATE OF NEW YORK; STATE OF ARIZONA,

STATE OF CALIFORNIA, STATE OF
COLORADO, STATE OF CONNECTICUT, STATE
OF DELAWARE, STATE OF HAWAII, STATE OF
ILLINOIS, STATE OF MAINE, STATE OF
MARYLAND, COMMONWEALTH OF C.A. No. ___25-CV-1144_________
MASSACHUSETTS, STATE OF MINNESOTA,
STATE OF NEVADA, STATE OF NEW JERSEY, REQUEST FOR EMERGENCY
STATE OF NORTH CAROLINA, STATE OF TEMPORARY RESTRAINING
OREGON, STATE OF RHODE ISLAND, STATE ORDER UNDER FEDERAL RULE
OF VERMONT, and STATE OF WISCONSIN, OF CIVIL PROCEDURE 65(B)

Plaintiffs,

v.

DONALD J. TRUMP, IN HIS OFFICIAL

CAPACITY AS PRESIDENT OF THE UNITED
STATES; U.S. DEPARTMENT OF THE
TREASURY; and SCOTT BESSENT, IN HIS
OFFICIAL CAPACITY AS SECRETARY OF U.S.
DEPARTMENT OF THE TREASURY,

Defendants.

COMPLAINT FOR DECLARATORY AND INJUNCTIVE RELIEF

INTRODUCTION

1. The U.S. Treasury Department maintains and safeguards our nation’s central bank

account. Treasury’s Bureau of Fiscal Services (“BFS”) receives coded payment instructions in

the form of payment files from a host of federal agencies to disburse funds to tens of millions of

Americans every year – money they depend on to live. These funds include social security
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 2 of 60

benefits, veteran’s benefits, childcare tax credits, federal employee wages, and federal tax

refunds. Plaintiff States also receive billions of dollars in funds every year directly from Treasury

through BFS under federal grant programs. The States rely on these federal programs to provide

vital services for their residents, including Medicaid (the single largest federal funding stream to

the Plaintiffs), FEMA funds for disaster relief and management, Edward Byrne JAG grants

essential to law enforcement and criminal justice programs, education funding, and foster care

programs.

2. The payment files, which are uploaded to BFS’s payment systems, contain a

variety of sensitive personally identifiable information (“PII”), including social security and bank

account numbers, as well as confidential financial information about the amount and type of

payment being made. BFS also contains Federal Tax Information (FTI) regulated by Internal

Revenue Code section 6103 and 26 CFR Part 301, and Automated Clearing House (ACH) data

subject to 31 CFR Part 210.

3. Until several days ago, consistent with laws and regulations governing the

collection, storage, handling, and disclosure of PII, only a limited number of career civil servants

employed at BFS with appropriate security clearance had access to the BFS payment systems –

access necessary for them to perform their job function of ensuring BFS operates securely as

intended when disbursing the federal dollars appropriated by Congress to the States and their

residents.

4. That all began to change with the creation of the Department of Government

Efficiency (“DOGE”). The President announced DOGE in November 2024, advertising that it

2
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 3 of 60

would be co-led by billionaire Elon Musk and cut federal government spending. 1 That idea came

to fruition on Inauguration Day, with a January 20, 2025 Executive Order entitled “Establishing

and Implementing the President’s ‘Department of Government Efficiency.’” 2 One of DOGE’s

primary missions is to try to cut federal spending. Plaintiffs are informed and believe that DOGE

is attempting to access government data to support initiatives to block federal funds from

reaching certain disfavored beneficiaries. For instance, as the President prepares to attempt to

shut down the Department of Education, DOGE has been accessing student financial records. 3

DOGE has also gained access to Consumer Financial Protection Bureau systems data in support

of Mr. Musk’s effort to, in his own words, “[d]elete CFPB.” 4

5. As of February 2, 2025, the President and Treasury Secretary, directed Treasury

to grant expanded access to BFS payment systems to political appointees and “special

government employees” for reasons that have yet to be provided, although one apparent purpose,

upon information and belief. Upon information and belief, one purpose is to allow DOGE to

advance a stated goal to block federal funds from reaching beneficiaries who do not align with

the President’s political agenda. For example, DOGE was tasked with freezing payments issued

by the U.S. Agency for International Development (“USAID”) and sought access to BFS

payment systems to accomplish that goal. 5 Virtually unfettered access to BFS payment systems

1
Elon Musk and Vivek Ramaswamy will lead new ‘Department of Government Efficiency’ in Trump
administration | CNN Politics
2
Establishing And Implementing The President's "Department Of Government Efficiency" – The White
House
3
Trump preps order to dismantle Education Dept. as DOGE probes data
4
Musk's DOGE Descends on CFPB With Eyes on Shutting It Down
5
DOGE was tasked with stopping Treasury payments to USAID, AP sources say

3
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 4 of 60

was granted to at least one 25-year-old DOGE associate, Mark Elez, who, on information and

belief, had the authority to view or modify numerous critical files. 6 Indeed, reports indicate that

Elez had administrative privileges over the BFS payment system’s code, giving him the ability to

alter user permissions and “read and write” code—even if the associate had “read-only” access to

the system’s data. 7 Elez has since resigned from DOGE after being linked to racist social media

posts. 8

6. Around the same time that DOGE associates were unlawfully granted access to

BFS systems, Mr. Musk began publicly stating his intention to recklessly freeze streams of

federal funding without warning. On February 2, 2024, Mr. Musk posted on X (formerly

Twitter), an online social media platform, that DOGE is “rapidly shutting down” various “illegal

payments” made by the government to grant recipients, including payments to Lutheran Family

Services to provide services to migrant children. 9 That same day, Mr. Musk posted that his team

“spent the weekend feeding USAID into the wood chipper.” Since then, Mr. Musk has

unambiguously called for the cancellation of various streams of federal funding. For instance, on

February 6, 2025, he alleged: “Billions of taxpayer dollars to known FRAUDULENT entities are

STILL being APPROVED by Treasury. This needs to STOP NOW!” 10 Mr. Musk has also made

6
A 25-Year-Old With Elon Musk Ties Has Direct Access to the Federal Payment System | WIRED
7
https://www.wired.com/story/elon-musk-associate-bfs-federal-payment-system/
8
DOGE Staffer Resigns Over Racist Posts
9
Elon Musk on X: "The @DOGE team is rapidly shutting down these illegal payments" / X

Elon Musk on X: "Billions of taxpayer dollars to known FRAUDULENT entities are STILL being
10

APPROVED by Treasury. This needs to STOP NOW!" / X

4
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 5 of 60

wild, unsubstantiated claims about the BFS payment system and suggested putting it on the

blockchain. 11

7. Consistent with Mr. Musk’s statements, there have been numerous interruptions

to federal fundings streams in recent weeks, impacting health clinics, 12 preschools, 13 climate

initiatives, 14 and more. 15

8. The Treasury has represented that DOGE associates have “read only” access—

i.e., the ability to view content, but not the ability to modify it. 16 But the true limitations on

DOGE’s access remain unclear, and DOGE may still be able to modify the systems in

consequential ways. 17 It is also possible that DOGE maintains the ability to collect data from

BFS systems and route it to individuals with the ability to, for example, freeze particular

payments

9. Mr. Musk has publicly identified himself as co-head of DOGE and recently

posted on social media that his personal associates, all described as “special government

11
Fatima Hussein, “Elon Musk’s task force has gained access to sensitive Treasury payment systems,
sources say,” PBS News, Feb. 2, 2025, https://www.pbs.org/newshour/politics/elon-musks-task-force-has-
gained-access-to-sensitive-treasury-payment-systems-sources-say; Billy Bambrough, “‘This Needs To
Stop Now’—Elon Musk Confirms Radical Doge U.S. Treasury Plan,” Forbes, Feb. 2, 2025,
https://www.forbes.com/sites/digital-assets/2025/02/02/this-needs-to-stop-now-elon-musk-confirms-
radical-doge-us-treasury-plan/.
12
Health clinics face cuts, closures as Trump's funding fight ripples outside of Washington

Still locked out of federal funding, several Head Start preschools may need to close temporarily | AP
13

News
14
How 3 IRA projects are dealing with the spending freeze
15
Trump’s Attempt to Freeze Grant Funding Leaves Nonprofits Reeling - The New York Times
16
Treasury says Elon Musk's DOGE has "read only" access to payment systems

Day Seven of the Trump-Musk Treasury Payments Crisis of 2025: “Yours and WIRED's Reporting is
17

Actually Doing Something”

5
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 6 of 60

employees,” have access to BFS payment systems, 18 and are “rapidly shutting down” payments

to federal grant recipients. 19 He has also made wild, unsubstantiated claims about the BFS

payment system and suggested putting it on the blockchain. 20

10. Beyond affording Mr. Musk and his associates the ability to block BFS payments,

Defendants’ new expanded access policy poses huge cybersecurity risks, including risks to States

and States’ residents that their information will be used and processed, unchecked, in a manner

not permitted by federal law. Other reports indicate that data from other federal agencies is

being fed into an open-source Artificial Intelligence (“AI”) system owned and controlled by a

private third party without measures taken to ensure the privacy and security of U.S. citizens’

and residents’ data. 21 The very third party cloud computing service that DOGE is reportedly

using for this effort has experienced at least one major security breach. 22

11. States cannot bear the risk that sensitive BFS data may also be being fed into AI

systems.

12. The States have not received even basic information about whether sensitive

information is being shared with third parties and how that information is being used. Concerned

18
Treasury Department Letter to Members of Congress Regarding Payment Systems | U.S. Department of
the Treasury
19
Elon Musk on X: "The @DOGE team is rapidly shutting down these illegal payments" / X.
20
Fatima Hussein, “Elon Musk’s task force has gained access to sensitive Treasury payment systems,
sources say,” PBS News, Feb. 2, 2025, https://www.pbs.org/newshour/politics/elon-musks-task-force-has-
gained-access-to-sensitive-treasury-payment-systems-sources-say; Billy Bambrough, “‘This Needs To
Stop Now’—Elon Musk Confirms Radical Doge U.S. Treasury Plan,” Forbes, Feb. 2, 2025,
https://www.forbes.com/sites/digital-assets/2025/02/02/this-needs-to-stop-now-elon-musk-confirms-
radical-doge-us-treasury-plan/.
21
Trump Vs. Education Department: Musk's DOGE Reportedly Running Sensitive Data Through AI

22
Azure and Microsoft Exchange Servers Victim to Active Exploitation by Hackers – Spiceworks.
6
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 7 of 60

residents have turned to state agencies for guidance, directly impacting state resources, despite

having no more information than the residents.

13. DOGE’s access of BFS records puts vast amounts of funding for the States and

their residents in peril and endangers the PII of States’ residents whose information is stored on

the payment systems.

14. Plaintiffs the State of New York, Arizona, California, Colorado, Connecticut,

Delaware, Hawaii, Illinois, Maine, Maryland, Massachusetts, Minnesota, Nevada, New Jersey,

North Carolina, Oregon, Rhode Island, Vermont, and Wisconsin (collectively “States”) bring this

action against Donald J. Trump, in his official capacity as President of the United States, the

United States Department of the Treasury, and Scott Bessent, in his official capacity as Secretary

of the U.S. Department of the Treasury (“Defendants”), to end to this new and dangerous

expanded access policy. The States seek preliminary and permanent injunctive relief enjoining

Defendants from continuing to implement Treasury’s new policy of allowing access to the BFS

payment systems containing PII and confidential financial information of tens of millions of the

States’ residents to anyone other than career civil servants historically permitted access by law to

perform their job functions, and a declaration that Treasury’s policy change is unlawful and

unconstitutional.

15. The States are entitled to relief on multiple grounds. First, Treasury’s new policy

granting payment system access to individuals associated with Mr. Musk’s DOGE initiative risks

interference with the payment of funds appropriated by Congress, exceeds Treasury’s statutory

authority and therefore is ultra vires. Second, Treasury’s change in policy violates the

Administrative Procedures Act in numerous ways: the change is a final agency action that

exceeds statutory authority, is contrary to law, and is arbitrary and capricious. Third, by

7
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 8 of 60

permitting expanded access to those that may then block payments contrary to Congressional

appropriation, the new policy violates both the Separation of Powers doctrine and the Take Care

Clause of the United States Constitution.

JURISDICTION AND VENUE

16. This Court has jurisdiction under 28 U.S.C. § § 1331 and 2201(a). See 5 U.S.C. §

552a(g)(1)(D). Jurisdiction is also proper under the judicial review provisions of the APA, 5

U.S.C. §§ 702, 704.

17. An actual controversy exists between the parties within the meaning of 28 U.S.C.

§ 2201(a), and this Court may grant declaratory relief, injunctive relief, and other relief pursuant

to 28 U.S.C. §§ 2201– 2202, and 5 U.S.C. §§ 705–706.

18. Venue is proper in this judicial district under 28 U.S.C. §§ 1391(b)(2) and (e)(1).

Defendants are an agency of the United States government and officers sued in their official

capacities. Plaintiff the State of New York is a resident of this judicial district, and a substantial

part of the events or omissions giving rise to this Complaint occurred and are continuing to occur

within the Southern District of New York.

PARTIES

1. Plaintiffs

19. Plaintiff the State of New York, represented by and through its Attorney General,

is a sovereign state of the United States. The Attorney General is New York State’s chief law

enforcement officer and is authorized under N.Y. Executive Law § 63 to pursue this action.

8
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 9 of 60

20. Plaintiff the State of Arizona, represented by and through its Attorney General, is

a sovereign state of the United States. The Attorney General is Arizona’s chief law enforcement

officer and is authorized under Arizona Revised Statute § 41-193(A)(3) to pursue this action.

21. The State of California is a sovereign state in the United States of America.

California is represented by Attorney General Rob Bonta, who is the chief law enforcement

officer of California.

22. Plaintiff the State of Colorado, represented by and through its Attorney General

Phil Weiser, is a sovereign state of the United States. The Attorney General acts as the chief

legal representative of the state, and is authorized under section 24-31-101, C.R.S., to pursue this

action.

23. Plaintiff the State of Connecticut, represented by and through its Attorney

General, is a sovereign state of the United States. The Attorney General is Connecticut’s chief

legal officer and is authorized under General Statutes § 3-125 to pursue this action on behalf of

the State of Connecticut.

24. Plaintiff the State of Delaware is a sovereign state of the United States of

America. This action is brought on behalf of the State of Delaware by Attorney General Kathleen

Jennings, the “chief law officer of the State.” Darling Apartment Co. v. Springer, 22 A.2d 397,

403 (Del. 1941). Attorney General Jennings also brings this action on behalf of the State of

Delaware pursuant to her statutory authority. 29 Del. C. § 2504.

25. Plaintiff the State of Hawai’i, represented by and through its Attorney General, is

a sovereign state of the United States. The Attorney General is Hawaii’s chief legal officer and

chief law enforcement officer and is authorized by Hawaii Revised Statues § 28-1 to pursue this

action.

9
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 10 of 60

26. Plaintiff the State of Illinois is a sovereign state of the United States. It is

represented in this action by the Attorney General of Illinois, who is the chief legal officer of the

State and is authorized to pursue this action on behalf of the State pursuant to Article V, Section

15 of the Illinois Constitution and 15 ILCS 205/4.

27. Plaintiff the State of Maine, represented by and through its Attorney General, is a

sovereign state of the United States. The Attorney General is Maine's chief law officer and is

authorized under 5 Me. Rev. Stat. Ann. sec. 191 to pursue this action.

28. Plaintiff the State of Maryland is a sovereign state of the United States of

America. Maryland is represented by Attorney General Anthony G. Brown who is the chief legal

officer of Maryland.

29. Plaintiff the Commonwealth of Massachusetts, represented by and through its

Attorney General, is a sovereign state of the United States. The Attorney General is the chief

law officer of the Commonwealth and is authorized under Mass. Gen. Laws ch. 12, s. 3, to

pursue this action.

30. The State of Minnesota is a sovereign state of the United States of America.

Minnesota is represented by Attorney General Keith Ellison who is the chief law enforcement

officer of Minnesota.

31. Plaintiff State of Nevada, represented by and through Attorney General Aaron D.

Ford, is a sovereign State within the United States of America. The Attorney General is the chief

law enforcement of the State of Nevada and is authorized to pursue this action under Nev. Rev.

Stat. 228.110 and Nev. Rev. Stat. 228.170.

10
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 11 of 60

32. Plaintiff State of New Jersey is a sovereign state of the United States. The

Attorney General of New Jersey is the State’s chief legal adviser and is authorized to act in

federal court on behalf of the State on matters of public concern.

33. Plaintiff the State of North Carolina is a sovereign state of the United States of

America. North Carolina is represented by Attorney General Jeff Jackson who is the chief law

enforcement officer of North Carolina.

34. Plaintiff the State of Oregon, represented by and through Attorney General Dan

Rayfield, is a sovereign state of the United States. The Oregon Attorney General is Oregon’s

chief law enforcement officer and authorized to pursue this action by Oregon Revised Statutes

Chapter 180. Oregon’s more than 4.2 million residents have numerous contacts with federal

financial systems and the Defendants have now exposed their sensitive financial information not

just individuals lacking qualifications and security clearance, but potential hostile actors and

malware attacks. In addition to the majority of Oregonians who pay taxes, residents of the State

of Oregon include veterans, employees of multiple federal agencies who received their wages

through federal payment systems, and vulnerable individuals participating in federal programs

for children, crime victims, and persons with disabilities.

35. Plaintiff the State of Rhode Island is a sovereign state in the United States of

America. Rhode Island is represented by Attorney General Peter F. Neronha, who is the chief

law enforcement officer of Rhode Island.

36. The State of Vermont is a sovereign state of the United States of America.

Vermont is represented by Attorney General Charity Clark, who is the chief law enforcement

officer of Vermont.

11
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 12 of 60

37. The State of Wisconsin is a sovereign state of the United States of America.

Wisconsin is represented by Attorney General Josh Kaul who is the chief law enforcement

officer of Wisconsin.

2. Defendants

38. Defendant Donald J. Trump is sued in his official capacity as the President of the

United States. He is responsible for the actions and decisions that are being challenged by

Plaintiffs in this action.

39. Defendant the United States Department of the Treasury (“Treasury”) is a cabinet

agency within the executive branch of the United States government. 31 U.S.C. § 301. Treasury

is responsible for ensuring the financial security of the United States.

40. Defendant Scott Bessent is sued in his official capacity as the Secretary of the

U.S. Department of the Treasury and in that role is responsible for the operations of Treasury and

management the finances of the United States.

ALLEGATIONS

1. The Administrative Procedure Act

41. The APA permits judicial review by persons “suffering legal wrong because of

agency action, or adversely aggrieved by agency action.” 5 U.S.C. § 702; see id. §§ 7031.

42. The APA provides that courts must “hold unlawful and set aside” agency action

that is “in excess of statutory jurisdiction, authority, or limitations”; that is “not in accordance

with law”; or that is “arbitrary, capricious, [or] an abuse of discretion.” 5 U.S.C. §§ 706(2)(A),

(C), (D).

12
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 13 of 60

2. Laws and Regulations Governing Sensitive Information

43. Federal laws and regulations protect sensitive personal and financial information

from improper disclosure and misuse, including by barring disclosure to individuals who lack a

lawful and legitimate need for access.

a. Privacy Act of 1974

44. Congress enacted the Privacy Act of 1974 to “provide certain safeguards for

an individual against an invasion of personal privacy,” by requiring governmental agencies to

maintain accurate records and providing individuals with more control over the gathering,

dissemination, and accuracy of agency information about themselves. 5 U.S.C. § 552a.

45. To accomplish this purpose, the Privacy Act sets forth conditions for disclosure of

private information and precludes an agency from disclosing information in its files to any

person or to another agency without the prior written consent of the individual to whom

the information pertains. See 5 U.S.C. § 552a(b). One condition under which disclosure is

permitted without consent of the individual is to “those officers and employees of the agency

which maintains the record who have a need for the record in the performance of their duties[.]”

Id. § 552a(b)(1). When such disclosures are made to another U.S. agency, the activity must be

“authorized by law” and the “head of the agency” must have made a “a written request ...

specifying the particular portion desired and the law enforcement activity for which the record is

sought[.]” Id. § 552a(b)(7). The Privacy Act’s other allowances for disclosure of private

information are similarly specific.

46. The Privacy Act was passed largely out of concern over “the impact of computer

data banks on individual privacy.” H.R.Rep. No. 93–1416, p. 7 (1974). The Privacy Act provides

generally that “[n]o agency shall disclose any record which is contained in a system of records ...

13
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 14 of 60

except pursuant to a written request by, or with the prior written consent of, the individual to

whom the record pertains.” 5 U.S.C. § 552a(b) (1982 ed., Supp. V).

47. The Privacy Act lists 13 exceptions to the bar on disclosure, two of which are

relevant here. Specifically, an agency may disclose the records it maintains within the agency “to

those officers and employees of the agency…who have a need for the record in the performance

of their duties.” Id. § 552a(b)(1). Second, pursuant to the Act’s record notice protocol, 23 an

agency must give 30 days’ notice of new or revised record SORNs, allowing public comments (5

U.S.C. § 552a(e)(11)). A SORN must include information on the categories of individuals and

records in the system, the routine uses of the records, and the agency's policies on storage,

access, retention, and disposal. (5 U.S.C. § 552a(e)(4)). 24

48. The Bureau has 20 systems of records, for which it has issued a system of record

notice. As relevant here, (i) SORN .002 involves payment records for individuals receiving

payments from the U.S. government, containing personal data like Social Security numbers,

payment amounts, and bank account information (85 Fed. Reg. at 11779); (ii) SORN .012

pertains to individuals who owe debts to the government, including detailed financial

information like income, assets, and liabilities (85 Fed. Reg. at 11794); and (iii) SORN .013

includes records about individuals who electronically authorize payments to the federal

government, containing information such as bank account details and user credentials (85 Fed.

Reg. at 11796-97).

23
Under the Privacy Act, an agency that has a system of records about individuals must publish a notice
in the Federal Register “of the existence and character” of that system (“SORN”). 5 U.S.C. § 552a(e)(4).
24
“Routine use” refers to using records for purposes compatible with their original collection (5 U.S.C. §
552a(a)(7)).
14
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 15 of 60

b. E-Government Act of 2002

49. The E-Government Act of 2002 recognizes the importance of information security

to the economy and national security interests of the United States. 44 U.S.C. § 3501.

50. Congress passed the E-Government Act to “promote the use of the Internet and

electronic government services,” “to make the Federal Government more transparent and

accountable,” as well as “to provide enhanced access to Government information and services in

a manner consistent with laws regarding protection of personal privacy, national security, records

retention, access for persons with disabilities, and other relevant laws.” Id.

51. Section 208 of the E-Government Act requires agencies to perform and publish a

privacy impact assessment (“PIA”) in certain circumstances involving collection, maintenance,

or dissemination of personal information in an identifiable form. The purpose of this section is to

ensure sufficient protections for the privacy of PII as agencies implement citizen-centered

electronic Government.

52. The Federal Information Security Management Act (“FISMA”) is a federal law

enacted under Title III of the E-Government Act of 2002.

53. The “FISMA 2002” 25 required each federal agency to develop, document, and

implement an agency-wide program to provide information security for the information and

systems that support the operations and assets of the agency, including those provided or

managed by another agency, contractor, or other sources. 26

25
The FISMA as enacted under the E-Government Act of 2002 in that year, “FISMA 2002,” was amended
by the Federal Information Security Management Act of 2014.
26
As defined in FISMA 2002, “[t]he term ‘Federal information system’ means an information system
used or operated by an executive agency, by a contractor of an executive agency, or by another
organization on behalf of an executive agency.”

15
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 16 of 60

54. Updates to FISMA in 2014 provided several modifications that modernized

federal security practices to address evolving security concerns. The changes, amongst other

things, strengthened the use of continuous monitoring in systems and increased focus on the

agencies for compliance and reporting that is more focused on the issues caused by security

incidents. FISMA 2014 also required the Office of Management and Budget (OMB) to

amend/revise OMB Circular A-130 to eliminate inefficient and wasteful reporting and reflect

changes in law and advances in technology. 27

55. In support of and reinforcing FISMA, OMB through Circular A-130, “Managing

Federal Information as a Strategic Resource,” requires executive agencies within the federal

government to: (i) Plan for security; (ii) Ensure that appropriate officials are assigned security

responsibility; (iii) Periodically review the security controls in their systems; (iv) Authorize

system processing prior to operations and, periodically, thereafter. Id.

56. Under FISMA, the National Institute of Standards and Technology (“NIST”) must

set standards and best practices for information security at federal agencies, and agencies must

meet security standards and conduct annual, independent evaluations of their information

security. 44 USC §§ 3543-3545. 28

57. Accordingly, under FISMA, federal agencies need to provide “information

security protections commensurate with the risk and magnitude of the harm resulting from

unauthorized access, use, disclosure, disruption, modification, or destruction of (i) information

collected or maintained by or on behalf of an agency; and (ii) information systems used or

27
http://csrc.nist.gov/projects/risk-management/fisma-background
28
See also NIST, NIST Risk Management Framework (updated Sept. 24, 2024)
https://csrc.nist.gov/projects/risk-management/fisma-background

16
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 17 of 60

operated by an agency or a contractor of an agency or other organization on behalf of an agency,

in addition to also “comply[ing] with the information and security standards and guidelines, and

mandatory required standards developed by NIST.” 29

c. 26 U.S.C. § 6103

58. Pursuant to the Tax Reform Act of 1976, tax information, including returns and

return information, must be treated as confidential and subject to disclosure only when

authorized by statute. According to the legislative history of the enactment, Congress was

concerned about abuses related to the treatment and disclosure of such information. Staff of

Joint Comm. on Int. Rev. Tax., 94th Cong., 2d Sess., General Explanation of the Tax Reform

Act of 1976, 1976-3 C.B. (Vol. 2) at 326-27. Among the specific abuses enumerated by

Congress were the use of tax return information by the White House for non-tax matters, use by

the Justice Department and United States Attorney offices in both tax and non-tax civil and

criminal proceedings to impeach witnesses or discredit their testimony, and the lack of adequate

safeguards over the access to and improper use of such information at the state and local levels.

59. Accordingly, under Section 6103, Congress has authorized disclosure of tax

returns and/or return information under only thirteen limited circumstances, and subject to

criminal penalties for violating the disclosure prohibitions. 26 U.S.C. § 6103(c).

60. Relevant here, § 6103(h)(1) specifies that authorized disclosures to federal

officers and employees in Treasury “be open to inspection by or disclosure to officers and

employees of the Department of the Treasury whose official duties require such inspection or

disclosure for tax administration purposes.”

29
Id.
17
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 18 of 60

d. 31 CFR 1.32.

61. Pursuant to the Code of Federal Regulations, title 31, subtitle A, Part 1, section

1.32, there are restraints on Treasury’s collection, use, disclosure and protection of social

security numbers (“SSNs”). Specifically, the Office of the Secretary of the Treasury, within

Treasury, has specific guidelines on when the Secretary must collect and maintain full SSNs, as

well as prohibitions on disclosure of SSNs.

62. Section 1.32(d) further specifies that, “[w]henever feasible, Treasury must mask,

or truncate/partially redact Social Security numbers visible to authorized Treasury/component

information technology users so they only see the portion (if any) of the Social Security number

required to perform their official Treasury duties.”

e. 18 U.S.C. §§ 207, 208

63. The federal government maintains a compilation of ethics laws that constitute an

ethics code to govern the conduct of federal employees. Title 18 of the U.S. Code provides

restrictions on federal employee conduct in order to ensure such employees avoid conflicts,

including personal interests that affect official action. See 18 U.S.C. § 208(a); 30 see also 5

C.F.R. part 260. Special government employees are contemplated in these ethics rules, including

§ 208(a), and subject to penalties under section 216 of the Code. See 18 U.S.C. § 216 (describing

30
“Except as permitted by subsection (b) hereof, whoever, being an officer or employee of the executive
branch of the United States Government, or of any independent agency of the United States, a Federal
Reserve bank director, officer, or employee, or an officer or employee of the District of Columbia,
including a special Government employee, participates personally and substantially as a Government
officer or employee, through decision, approval, disapproval, recommendation, the rendering of advice,
investigation, or otherwise, in a judicial or other proceeding, application, request for a ruling or other
determination, contract, claim, controversy, charge, accusation, arrest, or other particular matter in which,
to his knowledge, he, his spouse, minor child, general partner, organization in which he is serving as
officer, director, trustee, general partner or employee, or any person or organization with whom he is
negotiating or has any arrangement concerning prospective employment, has a financial interest—
Shall be subject to the penalties set forth in section 216 of this title.”

18
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 19 of 60

the remedies for violating, inter alia, §§207 and 208, include civil penalties up to $50,000 for

each violation, or an injunction to enjoin further violations). The only exception from § 208(a)’s

requirements relevant here would be for the appointing official of a special government

employee (with a duly filed financial disclosure pursuant to chapter 5 of title 31), to review the

SGE’s disclosure and certify that the special government employee’s work “outweighs the

conflict of interest.” 18 U.S.C. § 207(c).

3. Treasury and the Bureau of Fiscal Services

64. Treasury is an executive branch department of the United States government; it

functions as the national treasury and the finance department for the federal government. 31

U.S.C. § 301. Part of Treasury’s function is to collect all federal taxes through the Internal

Revenue Service; manage U.S. government debt instruments; license and supervise banks and

thrift institutions; and advise the legislative and executive branches on matters of fiscal policy. 31

65. Treasury is responsible for managing the finances of the United States

Government. Its responsibilities include collecting receipts owed to the government and making

payments to recipients of public funds. 31 U.S.C. §§ 3301, 3321. In fiscal year 2024, Treasury

handled $6.752 trillion in disbursements, including $1.46 trillion for social security benefits. 32

Treasury is the largest collections, payments, cash management, and financial operation in the

world.

31
See https://home.treasury.gov/about/general-information/role-of-the-treasury.
32
U.S. Dep’t of Treas., Bur. of Fiscal Serv., Final Monthly Treasury Statement, Receipts and Outlays of the United
States Government For Fiscal Year 2024 Through September 30, 2024, and Other Periods 4.

19
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 20 of 60

66. Treasury is split into two main organized components: departmental offices and

operating bureaus. Treasury’s departmental offices are “primarily responsible for the formulation

of policy and management of the Department as a whole, while the operating bureaus carry out

the specific operations assigned to the Department.” Id.

67. BFS is one of Treasury’s operational bureaus. As described in its mission

statement, BFS seeks to “promote financial integrity and operational efficiency of the federal

government through exceptional accounting, financing, collections, payments, and shared

services.” 33

68. BFS’s executive functions include (i) collecting funds: “Provid[ing] citizens a

variety of modern electronic options for paying federal taxes, charges, and fees. Minimiz[ing]

lockboxes and paper processing”; (ii) disbursing funds: “[c]reat[ing] a seamless end-to-end

process that is all-electronic from the initiating transaction through settlement: more agile,

efficient, and resilient.”; (iii) financing: “…offering Treasury securities to investors through

modern, secure, and reliable technology”; (iv) reporting: “[p]roviding federal agencies and the

American public information that is accurate, accessible, and transparent [and s]treamlining the

federal reporting process to reduce agency reporting burden”; and (v) servicing: “[p]rovid[ing]

customer-centric services and solutions to agencies that enable improved decision-making and

high-performance through innovation, standardization, operational efficiency, and risk

reduction.” 34

33
https://fiscal.treasury.gov/about.html.
34
https://fiscal.treasury.gov/about.html.

20
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 21 of 60

69. Handling 1.2 billion transactions a year, BFS disburses 90% of all federal

payments. 35 Relevant here, BFS is responsible for the following federal agency disbursements to

individuals: social security benefits, veteran’s benefits, childcare tax credits, federal employee

wages, and federal tax refunds. BFS is also responsible for disbursing directly to the States funds

for the following federal programs, to name just a few: Medicaid, FEMA, Edward Byrne JAG

grants, education funding, and foster care programs.

70. The two relevant systems that BFS relies on to perform its executive functions are

the Payment Automation Manager (“PAM”) and the Secure Payment System (“SPS”).

71. For BFS to issue disbursement of federal funds through these payment systems,

federal agencies who owe payments to recipients outside of the federal government prepare and

send to BFS a “payment file” containing the coded payment instructions for the desired

disbursements after they certify that the payees are eligible to receive the funds. These payment

files contain PII, such as social security numbers, home addresses, and bank account numbers, as

well as confidential financial information consisting of the amount of the funds being disbursed

and the type of payment (e.g., whether the payment is a veterans benefit, or tax refund, etc.).

Once the agency certifies the payee is eligible by checking various “bad actor” databases

(including, for example, lists of those deemed bad contractors or subject to sanctions), the

agency sends the payment file to BFS, which then utilizes its PAM and/or SPS systems to

disburse the funds as directed by the sending agency.

72. Because the responsible agency has certified the payment file, and other Treasury

officials have checked the bad actor database, BFS’s role is to process the disbursement of funds

See Treasury Department Letter to Members of Congress Regarding Payment Systems | U.S.
35

Department of the Treasury.

21
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 22 of 60

in accordance with the coded data in the payment file as received from the sending agency. In

other words, “the agency responsible for making the payment always drives the payment

process.” 36

73. Housed on a secure mainframe, the PAM and SPS systems control government

payments that in their totality amount to more than a fifth of the US economy.

a. BFS Disbursements to States and Their Residents

74. BFS disburses billions of dollars directly to the States through a host of federal

programs that are critical for the States to provide vital services for their residents. Such funding

streams include distributions from Medicaid funds, FEMA, Edward Byrne Jag Memorial Justice

Assistance grants, education funding, and foster care programs. Across our Plaintiff State

coalition, the States and their residents receive billions of dollars flowing from federal

distributions.

75. BFS disbursements also include payments to the States’ residents in various

forms, including for example through social security benefits, veteran’s benefits, childcare tax

credits, federal employee wages, and federal tax refunds. BFS also disburses billions of dollars

directly to the States through a host of federal programs that are critical for the States to provide

vital services for their residents.

76. In total, New York received $94.3 billion in federal funds to the State’s general

checking bank account for NYS governmental funds for fiscal year ending 3/31/24. The

majority of the receipts are received using a UPIC account, which only allows deposits. If the

Treasury Department Letter to Members of Congress Regarding Payment Systems | U.S.

36

Department of the Treasury.

22
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 23 of 60

Federal government sends a wire, the State’s general checking bank account information would

be used, which is minimal, but is sensitive banking information.

77. New York has $4 billion in FEMA reimbursements provided as public assistance

for the 2024-25 State Fiscal Year distributed to the State and municipalities for rebuilding,

recovery and improved resiliency after a disaster declaration.

78. New York’s Department of Labor’s receives approximately $868 million, 86% of

its 2024-2025 enacted budget, from federal distributions to deliver federal and state programs

related to administering unemployment insurance, engaging in workforce development, and

enforcing the New York State Labor Law.

79. BFS disbursements that flow into New York include the Social Security

Administration program which provides social security retirement benefits distributed directly

from the federal government to the individual New York recipients. In 2024, 3,764,852 New

Yorkers received Social Security benefits distributed from the federal program; as well as

562,775 New Yorkers who received SSI benefits distributed directly, and 506,323 New Yorkers

who directly received their SSDI benefits directly from the federal program.

80. For New York to receive its billions of dollars in federal funds, it operates in a

reimbursement model. The State pays from its treasury for State administered federal programs,

and on the back end seeks federal reimbursement through the federal government’s funding

portal system. In those instances where federal reimbursement is sent by wire, sensitive New

York wiring and ACH bank account information is provided in order for the funds to be directed

to New York.

23
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 24 of 60

81. New York receives $70 billion from the federal government in Medicaid funds.

There are approximately 6.8 million Medicaid beneficiaries in New York State, nearly all of

whom receive federally-funded Medicaid distributions.

82. Arizona, for example, expects to receive a total of $30 billion in federal funding,

dispersed via BFS, during fiscal year 2025. 37

a. Much of that money funds health and human service ($24.7 billion). The Arizona

Healthcare Cost Containment System (AHCCCS, Arizona’s Medicaid service)

expects to receive $17.6 billion in fiscal year 2025 through Medicaid.

b. AHCCCS also receives a total of $186 million annually in federal assistance

programs. This takes the form of $23.8 million in Mental Health Block Grants

and $47.8 million in Substance Abuse Block Grants.

c. The Arizona Department of Veterans’ Services also receives large amounts of

federal dollars via BFS in order to serve those who served this Nation. Each year,

the Department receives about $44 million, most of which supports skilled

nursing facilities for this Nation’s veterans. That money also funds the Staff

Sergeant Parker Gordon Fox Suicide Prevention Grant Program ($750 thousand)

and helps the Department to ensure that colleges about by the G.I. Bill’s

requirements ($482 thousand).

d. Funding received via BFS also protects Arizonans from disaster. The Arizona

Department of Homeland Security has open federal grant awards from FEMA

totaling $141 million for fiscal years 2021–24. Considering all sources of federal

37
Absent the funding freeze implicated in other litigation involving many plaintiff States and the federal
government. See State of New York v. Trump, No. 25-0039 (D. R.I. filed Jan. 28, 2025).
24
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 25 of 60

funding, Arizona should receive $63 million in total disaster preparation and relief

funds in fiscal year 2025.

e. Funding received via BFS also keeps Arizonans safe from crime via the Edward

Byrne Memorial Justice Assistance Grant Program. That program provides the

State and its subdivisions with funds to support justice-related programs. Arizona

receives $5.4 million in grants under this program.

f. Funding received via BFS is also used to educate Arizonans. In total, Arizona

receives $2.2 billion in federal funding for K-12 education and $1.3 billion for

higher education. Arizona State University, for instance, receives grants from 25

different federal agencies. Those grants totaled to $510 million in fiscal year

2023.

83. California receives BFS disbursements for its States’ residents in various forms,

including:

a. Social Security Benefits: In 2023, California citizens received $128.7 billion in

Social Security and retirement benefits.

b. Veterans Benefits: In 2025, Californians are set to receive $4.3 billion in veterans

compensation.

c. Federal Employees: In 2024, the federal government paid salaries and wages to

147,487 Californians.

84. BFS also disburses billions of dollars directly to the States through a host of

federal programs that are critical for the States to provide vital services for their residents,

including:

25
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 26 of 60

a. Overall: For 2025-2026, the California Governor’s proposed state budget

includes more than $170 billion in federal funds, amounting to over one-third of

the total state budget.

b. Education: The 2025-2026 budget includes $7.9 billion in federal funding for K-

12 education, and $7.3 billion for higher education.

c. Medicaid: For 2025-2026, California has budgeted $112.1 billion in federal

funding for Medi-Cal to provide healthcare services to low-income Californians.

d. Social Services: For 2025-2026, California has budgeted $11.7 billion in federal

funds for the California Department of Social Services to support child welfare

services, foster care, the CalWORKs program, and other services for low-income

and vulnerable Californians.

e. Employment Development Department (EDD): Currently, California expects

$1.3 billion in open grants from the federal government, which are used to

support unemployment insurance administration, the Workforce Innovation and

Opportunity Act program, Wagner-Peyser program, Jobs for Veterans state grant,

and integral job training and placement services.

f. Edward Byrne Memorial Justice Assistance Grant (JAG): In 2023, California

received $35.7 million in allocations from the JAG fund.

(https://bjs.ojp.gov/library/publications/justice-assistance-grant-jag-program-

2023)

85. In the aggregate, Connecticut residents receive approximately $656,760,797 in

veterans’ benefits annually. In SFY 2024, the State of Connecticut received $6,868,967,920 in

federal funding for Medicaid; $1,560,395 under the Edward Byrne JAG program;

26
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 27 of 60

$1,221,252,405 in federal grants for education; $28,705,050 in Title IV-E Foster Care payments;

$54,702,152 in Title IV-E Adoption Assistance payments; and $5,734,375 in Title IV-E

Subsidized Guardian payment.

86. Based on the Delaware fiscal year, Delaware State has received federal funding

distributions in the following ways:

a. Delaware Byrne JAG Grants:

i. DE FY 2024 Byrne JAG grants: Total Awarded = $923,744.00

ii. DE FY 2023 Byrne JAG grants: Total Awarded = $1,079,646.00

iii. DE FY 2022 Byrne JAG grants: Total Awarded = $1,006,656.00

b. Delaware Medicaid/MCHIP/DE Healthy Children:

i. DE FFY 2024 Medicaid Services Federal Share = $2,149,308,652.00

ii. DE FFY 2024 Medical Administration Federal Share = $91,151,953.00

iii. DE FFY 2024 Maternal and Child Health Integrated Program (MCHIP)

Federal Share = $6,653,611.00

iv. DE FFY 2024 Delaware Healthy Children Federal Share =

$27,810,795.00

c. Delaware Emergency Management Agency, DE FY 2024 DEMA grants

i. Operational/pass-thru:
1. Emergency Management Performance Grant = $2.980M
2. Homeland Security Grant Program = $4.320M
3. State Local Cyber = $4.545M
ii. Disaster/mitigation:
1. 3 disasters – COVID, Hurricane Isaias, and Hurricane Ida =
$290M total, $277M has already been awarded
2. Hazard mitigation for above disasters = $4M

27
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 28 of 60

iii. Competitive
1. Non-profit security = $2.311M
d. Building Resilient Infrastructure and Communities $1.079M

87. The State of Hawai’i and its residents receive billions of dollars per year from the

federal government. For example:

a. According to the 2023 State of Hawaiʻi Data Book, in 2022, the estimated total of

Social Security benefits received by Hawaiʻi residents was $5,474,000,000.

b. According to the 2023 State of Hawaiʻi Data Book, in 2023, Hawaiʻi residents

received $1,511,542,000 in veterans’ benefits.

c. For Fiscal Year 2024, the State of Hawaiʻi received over $2.365 billion in federal

funding for Medicaid as the federal share.

d. For Fiscal Year 2024, the State of Hawaii’s Child Welfare Services received

$81,898,541 in federal funds.

e. From Fiscal Year 2021 to Fiscal Year 2024, the State of Hawaiʻi received

$3,764,101 from the federal Byrne JAG program.

88. The State of Illinois has received, and expects to continue to receive, billions of

dollars per year from the federal government. For example, Illinois anticipates receiving around

$10 billion in Medicaid reimbursements from the federal government in Fiscal Year 2025. In

addition, Illinois has received more than $4 billion from the federal government relating to K-12

education in Fiscal Year 2025. In Fiscal Year 2024, Illinois received more than $6.3 million from

the federal Byrne JAG program for criminal justice initiatives. Illinois residents also receive, and

expect to continue to receive, substantial disbursements from the federal government. For

example, Illinois residents and businesses have received more than $72 million from the federal

government in Fiscal Year 2025 for disaster relief.

28
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 29 of 60

89. Maryland estimates that it received federal disbursements of over $11 billion to

the State in FY24, and over $50 billion in federal disbursements to Maryland residents in FY24.

90. Minnesotans are the recipients of billions of dollars of federal funds per year

through federal government programs that are paid out, and through, BFS payment systems.

These payments include, for example, social security benefits, earned compensation and benefits

from the U.S. Department of Veterans Affairs, and reimbursements for healthcare covered by

under Medicare programs.

91. The State of Minnesota and its agencies have budgeted for $22.6 billion in federal

grants revenue for FY 2025. This equates to roughly $1.9 billion per month in FY2025.

Approximately 90 percent of federal funds flowing to Minnesota programs are processed via

BFS, though the precise amount is not known at this time.

a. The Minnesota Department of Transportation receives approximately $1 billion

per year from the U.S. Department of Transportation, which are processed by

BFS payment systems. These federal dollars fund road construction projects,

transit, and airport improvement projects.

b. The Minnesota Department of Health receives federal funds via BFS payment

systems for programs that include, for example, services for sex-trafficking

victims, reduce opioid abuse and overdose fatalities, monitoring and remediating

water supply contamination.

c. The Minnesota Department of Human Services receives federal funding via BFS

payment systems that support its Medicaid programs, IV-E programs that fund

child welfare services, Temporary Assistance for Needy Families (“TANF”),

Child Care and Development Block Grants (“CCDBG”), and Supplemental

29
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 30 of 60

Nutritional Assistance Program. Minnesota’s Medicaid program is projected to

spend approximately $11.3 billion in federal funds in the current budget year.

d. Minnesota local law enforcement agencies annually receive Byrne JAG grants

that provide money used to fund local law enforcement initiatives. In Fiscal Year

2024, Minnesota received approximately $1.014 million in Byrne JAG grants that

were processed by BFS payment systems.

92. In 2024, Nevada residents received $435,791,000 in SSI benefits. 38

93. As of the end of FY 2022, Nevada Veterans were estimated to have received

$1,494,640,188 in compensation benefits and $24,848,212 in pension benefits. 39

94. In 2021, Nevada families received more $600,956,000 in the form of childcare tax

credits. 40

95. As of March 2024, data from the Office of Personnel Management showed that

the executive branch of the federal government employed 13,697 41 people in Nevada and Census

Bureau data estimated that 40,267 Nevadans self-reported as federal government employees. 42

38
https://www.ssa.gov/policy/docs/statcomps/supplement/2024/7b.html
39
https://www.benefits.va.gov/REPORTS/abr/docs/2022-abr.pdf at 42.
40

https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fhome.treasury.gov%2Fsystem%2Ff
iles%2F131%2FAdvance-CTC-Payments-Disbursed-October-2021-by-State-
10142021.xlsx&wdOrigin=BROWSELINK
41

https://crsreports.congress.gov/product/pdf/R/R47716#:~:text=This%20report%20provides%20a%20snap
shot%20of%20recent%20statistics,district%20as%20configured%20in%20the%20118th%20Congress%2
0%282023-2024%29 at 2.
42

https://crsreports.congress.gov/product/pdf/R/R47716#:~:text=This%20report%20provides%20a%20snap

30
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 31 of 60

In 2017, the average salary for a federal employee in Nevada was $74,275, 43 and reports citing

OPM data indicate that by March 2023 the average salary reached $92,084. 44

96. For FY 2022, Nevadans received approximately $5,772,153,000 in refunds from

the Internal Revenue Service. 45

97. For FY 2023, total Medicaid spending for Nevada was $5,572,000,000, with the

Federal Government responsible for $4,421,000,000 of that total. 46

98. Nevada received FEMA grants in the amount of $305,854 for FY 2024 Fall and

$86,804 for FY 2024 Spring. 47 And Nevada also recently received a $10,000,000 grant from

FEMA for a critical infrastructure project on the Marlette Lake Dam in the Lake Tahoe Basin. 48

99. For FY 2024, Nevada law enforcement agencies received $1,221,750 from the

Edward Byrne Memorial Justice Assistance Program. 49

100. For FY 2023, Nevada received more than $359 million from the Department. In

FY 2024, Nevada was slated to receive more than $347 million from the Department and for FY

shot%20of%20recent%20statistics,district%20as%20configured%20in%20the%20118th%20Congress%2
0%282023-2024%29 at 3-4, 10-11.
43
https://www.opm.gov/policy-data-oversight/data-analysis-documentation/federal-employment-
reports/reports-publications/salary-information-for-the-executive-branch.pdf
44
https://usafacts.org/articles/how-much-money-do-federal-employees-make/
45
https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fwww.irs.gov%2Fpub%2Firs-
soi%2F22dbnevada.xlsx&wdOrigin=BROWSELINK

https://www.macpac.gov/wp-content/uploads/2024/12/EXHIBIT-16.-Medicaid-Spending-by-State-
46

Category-and-Source-of-Funds-FY-2023.pdf
47
https://www.fema.gov/emergency-managers/risk-management/dam-safety/grants

48
https://www.kolotv.com/2024/10/22/nevada-will-get-10-million-fema-prevent-breach-marlette-lake-
dam/
49
https://bja.ojp.gov/funding/jag-local-allocations-nv.pdf
31
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 32 of 60

2025 is projected to receive more than $351 million dollars. For FY 2023, Nevada received over

$182 million for postsecondary education programs from the Department. For FY 2024, Nevada

was slated to receive nearly $209 million for postsecondary education from the Department and

for FY 2025 is projected to receive over $230 million for postsecondary education programs. 50

101. The State of New Jersey has received, and expects to continue to receive, billions

of dollars per year from the federal government. For example:

a. Social Security: In New Jersey, 1,689,504 individuals receive Old-Age,

Survivors, and Disability Insurance (“OASDI”)—popularly known as Social

Security—monthly benefits. Congressional Statistics, 2023, Social Security

Administration,

https://www.ssa.gov/policy/docs/factsheets/cong stats/2023/nj.pdf. 163,405

individuals in New Jersey receive federally administered Social Security Income

(SSI) payments. Id.

b. Medicare: New Jersey, there are 1,768,445 Medicare beneficiaries. Medicare

Enrollment Dashboard, Data.CMS.gov – Centers for Medicare & Medicaid

Services, https://data.cms.gov/tools/medicare-enrollment-dashboard.

c. Veteran’s Benefits: In New Jersey, there are 299,271 veterans, with 1,864

receiving a pension, 73,675 unique patients treated, 65,451 receiving disability

compensation, 7,102 education beneficiaries, 130,929 enrollees in the VA

Healthcare system, and 6,983 dependency and indemnity compensation

50

https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fwww.ed.gov%2Fsites%2Fed%2Ffi
les%2F2024-10%2F25stbystate.xlsx&wdOrigin=BROWSELINK
32
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 33 of 60

beneficiaries. Distribution of Veterans by County (FY2023), U.S. Department of

Veterans Affairs – New Jersey, https://www.data.va.gov/stories/s/df26-ez7w.

d. Internal Revenue Service (IRS) Tax Refunds and Benefits: In New Jersey there

were 4,638,3000 individualized income tax returns filed. SOI Tax Stats – Data by

Congressional District 2022 – New Jersey, IRS, https://www.irs.gov/statistics/soi-

tax-stats-data-by-congressional-district-2022. As an example of just one tax

benefit received by New Jersey residents, 1,121,040 returns received a

nonrefundable child and other dependent tax credit. Id. In New Jersey there were

468,820 refund anticipation check returns. Id.

102. Based on enacted federal laws and federal grant commitments, New Jersey is

expected to directly receive approximately $27.5 billion in federal funding across a broad range

of programs for fiscal year 2025, including, but not limited to:

a. more than $17 billion for the State’s Department of Human Services;
b. more than $2.8 billion for the State’s Department of Transportation
c. more than $1.2 billion for the State’s Department of Education
d. more than $1.2 billion for the State’s Department of Agriculture;
e. more than $700 million for the State’s Department of Health;
f. more than $1 billion for the State’s Department of Environmental Protection; and
g. almost $600 million for the State’s Department of Labor & Workforce
Development.
See e.g., The New Jersey Legislature Fiscal Year 2025 Appropriations Act, P.L. 2024, c.

22; Motion for Temporary Restraining Order at 116, State of New York et al v. Trump et al, No.

1:25-cv-00039, (D.R.I. Jan. 28, 2025), ECF No. 3-1. New Jersey relies on federal funding to

operate critical programs that New Jersey residents depend on, including for healthcare,

education, unemployment insurance, and infrastructure. Furthermore, salaries and benefits for

approximately 10,000 state employees—representing approximately 15 percent of the State’s

33
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 34 of 60

payroll—are funded by the federal government. Id. at 117. New Jersey relies on approximately

$56 million in federal funding per pay period to pay these employees’ salaries and benefits. Id.

103. The State of North Carolina’s General Fund received nearly $31 billion in federal

funds in Fiscal Year 2024. Additional payments from the federal government to the State of

North Carolina and its public institutions are deposited into specialized accounts, including the

Highway Fund. Most or all of these recipes are believed to come through BFS.

104. Oregon: Oregonians engaging directly with federal payment systems tied to their

individual banking and tax ID information include:

a. Over 700,000 Oregonians over the age of 65 who receive social security
payments
b. Over 270,000 Oregonians are veterans, eligible for various medical and pension
benefits
c. Approximately 19,000 Oregonians employed by federal agencies throughout
Oregon, in numerous capacities including law enforcement and disaster relief.
d. Over 500,000 Oregonians receiving or who have previously received some form
of federal student aid.
105. Oregon state agencies that receive payments include but are not limited to Oregon

Department of Emergency Management; Oregon Department of Corrections; Oregon

Department of Veterans’ Affairs, Oregon Health Authority, the Oregon Department of Human

Services, the Oregon Department of Forestry, The Oregon Department of Education, the Oregon

State Fire Marshall, Oregon Department of Geology and Mineral Industries, Oregon Water

Resources Department, Oregon Department of Land Conservation and Development, and the

Oregon Criminal Justice Commission

106. The Oregon Department of Revenue (“DOR”) sends state debtor information to

Treasury for offset against federal moneys owed to that debtor. These payments go through

BFS. DOR shares confidential taxpayer information with the Internal Revenue Service and has

agreements that require the IRS keep state taxpayer information confidential and that require
34
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 35 of 60

DOR to keep IRS information confidential too. 26 USC 6103 protects taxpayer identification

from disclosure.

107. Agencies of the State of Oregon receive funds from federal programs, and other

federal programs make payments directly to individuals or entities (such as health care

providers) in the State of Oregon. Participation in many of these programs is tied to PII of

individual Oregonians, including medical information, social security numbers, and banking

details. The affected individuals and programs include but are not limited to:

a. Over 900,000 Oregonians are eligible for Medicare and Medicare payments in the
State of Oregon exceed $12 billion.
b. Approximately $1.4 million Oregon residents receive Medicaid, administered
through the Oregon Health Plan. Between $8-10 billion dollars in federal
Medicaid funds pass through Oregon Health Plan Coordinated Care Organizations
and fee for service program each year. These funds are associated with multiple
categories of personal information of Oregonians.
c. Over $149 million in Self-Sufficiency and nutrition funds and $20 million in
Employment Related Day Care funds pass through ODHS each month.

108. Over 1.5 million Oregonians participate in either supplemental nutrition

assistance, temporary cash assistance (including programs for domestic violence survivors),

childcare support, or Medicaid. Program participants’ PII is in the Public Assistance Reporting

Information System, reported quarterly by participating state agencies. BFS has access to the

PARIS system and the highly sensitive information in it.

109. Rhode Island residents annually receive billions in federal benefits, including

social security benefits, veteran’s benefits, childcare tax credits, Medicaid and Medicare

35
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 36 of 60

reimbursements, federal employee wages, and federal tax refunds. In FY 2022 51 Rhode Island

residents received: $4,452,000,000 in social security benefits; $464,786,000 in veteran’s

benefits; $311,911,348 in childcare tax credits; $2,082,600,000 in Medicaid reimbursements;

$909,848,149 in Medicare reimbursements; $1,059,652,000 in Federal employee wages; and

$1,134,863,000 in federal tax refunds.

110. Rhode Island also receives hundreds of millions annually from the federal

government to fund a host of federal programs. In FY 2025 to date (7/1/2024-2/6/2025), the

State of Rhode Island received: $1,457,700,000 for Medicaid; $8.99 million for FEMA; $1.01

million for Byrne JAG education awards; and $8.24 million foster care programs.

111. Vermont residents receive millions of dollars in social security benefits. In 2022,

for example, over 5,500 Vermont residents received almost $9 million in Supplemental Security

Income from the Social Security Administration. In 2023, over 250,000 Vermont residents

received almost $300 million in Old-Age, Survivor, and Disability (OASD) benefits from the

Social Security Administration.

112. In 2024, approximately 3,200 federal civilian employees were based in Vermont.

Many of those employees received direct salary payments in Vermont.

113. In fiscal year 2023, more than 260,000 Vermonters received federal tax refunds.

114. Also in fiscal year 2023, Vermont had nearly 39,000 veterans, who received over

$193 million in compensation and pension benefits from the Veterans Administration.

51
FY 2022 is the most recent year the State of Rhode Island has readily available data. The following data
may be slight undercounts of the amount of federal benefits received by Rhode Islanders because it is
based on the 91 percent of federal tax returns Rhode Island has access to and publicly available data that
may underestimate the proportion of funds being received by residents of Rhode Island.
36
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 37 of 60

115. In state fiscal year 2025, Vermont is anticipated to receive over $1.5 billion in

federal Medicaid funding. As of October 2024, Vermont had enrolled 157,471 individuals in

Medicaid and CHIP.

116. In state fiscal year 2025, Vermont is anticipated to receive nearly $200 million in

federal funding to support the work of its Department for Children and Families, including

funding to support Vermont’s foster care system.

117. In 2024, Vermont municipalities were awarded over $150,000 in Byrne JAG

grants.

118. In November 2024, FEMA released over $83 million to help Vermont

communities rebuild after devastating storms and flooding that occurred in July of 2023. And in

2023, FEMA sent Vermont approximately $22 million to Vermont to reimburse the costs of

providing hotel lodging and wraparound services to the homeless and other vulnerable

Vermonters during the COVID-19 pandemic.

119. Wisconsin residents receive federal payments. Approximately 1,275,000

Wisconsinites receive federal Social Security benefits, amounting to billions of dollars of

payments. There are approximately 225,000 veterans in Wisconsin who may be eligible for

payments of federal benefits. As of March 2024, there are 18,022 federal employees in

Wisconsin who receive payments for their services. And Wisconsin, as a state, receives tens of

billions of dollars annually in federal aid, with more than half of the money going to the state’s

Department of Health Services to fund Medicaid programs that make payments to individuals.

120. The States have a strong interest in ensuring that they and their residents continue

to receive disbursement under these critical federal programs, while also not exposing the private

information of millions of Americans to security breaches, misuse, malware, or foreign actors.

37
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 38 of 60

Without such disbursements by BFS, States would be required to provide additional services to

residents denied federal benefits and services and make additional expenditures to ensure the

continued welfare of their citizens.

b. Treasury Offset Program

121. Defendant Treasury, via its Bureau of Fiscal Services, also operates the Treasury

Offset Program (TOP). This automated and centralized program intercepts both federal and state

payments (for participating reciprocal states, as explained below) to satisfy debts owed to federal

or state agencies. Depending on the nature of the debt and the federal source from which it is

withheld, offsets range from 15% to 100%. 52

122. States are often recipients of offset funds, i.e. they are often the creditors to whom

money is owed. This occurs when debtors owe state taxes, child support, SNAP debt,

unemployment debt, and others. Not all states participate in all collection programs, though.

Through TOP, states recovered $720.9 million in state income tax debt in fiscal year 2024. 53

They also recovered $197.9 million in delinquent SNAP debt, in addition to $343.7 million in

debts related to state unemployment insurance (arising from fraud or failure to report earnings,

on the one hand, and unpaid employer unemployment tax debt, on the other). 54

123. Some states enter into an agreement whereby TOP offsets federal non-tax

payments against other debts owed to state agencies. In return, those states offset their own

payments for delinquent debt owed to the federal government. This is known as the State

52
United States Dep’t of the Treasury, Bureau of the Fiscal Serv., Treasury Offset Program Fact Sheet, available at
https://fiscal.treasury.gov/files/top/TOP-rules-reqs-fact-sheet.pdf (last visited Feb. 5, 2025).

53
United States Dep’t of the Treasury, Bureau of the Fiscal Serv., Treasury Offset Program, How the Treasury Offset
Program Collects Money for State Agencies, https://www.fiscal.treasury.gov/top/state-programs.html (last visited
Feb. 5, 2025).

54
Id.
38
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 39 of 60

Reciprocal Program. States participating in this program recovered $76.2 million in fiscal year

2024.

124. In fiscal year 2024, TOP recovered $1.4 billion in child support obligations.

These payments benefit the recipients, but also the States where those recipients reside. Those

States enjoy a widened tax base, and might be subject to reduced entitlement claims by those

families. Additionally, the States may themselves receive money from those child-support

offsets. For example, the Temporary Assistance for Needy Families (TANF) program requires

families receiving assistance to assign their right to child support to the State. 42 U.S.C. §

608(a)(3); see, e.g., Ariz. Rev. Stat. § 46-407(A) (assigning support rights to the State where the

parent entitled to the support has benefited from TANF). Therefore, a child support obligation

that goes unfulfilled is often a monetary harm to the State.

125. To facilitate child support offsets, States report to defendant Treasury those

individuals who owe child support to state residents. In response, Treasury diverts payments

(primarily but not exclusively federal tax refunds) meant for those debtors, to the state agency

responsible for child support. That agency then distributes the money to the recipients (or

assignees). Those reports necessarily include such personally identifiable information as names,

dates of birth, and social security numbers.

126. States are also, at times, recipients of federal funds subject to offsetting. That is, a

State may owe the federal government money, and as a result see an offset against its federal

payments.

127. Much information regarding child support is protected from general disclosure.

See Safeguarding Child Support Information Rule, 45 C.F.R. § 303.21. With certain exceptions,

state agencies “may not disclose any confidential information, obtained in connection with the

39
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 40 of 60

performance of IV-D 55 functions, outside the administration of the IV-D program.” Id. (c).

Violations are subject to civil monetary penalties and other sanctions under other statutes. Id. (f).

128. That information is also subject to further regulation at the state level. For

instance, in Arizona, Ariz. Rev. Stat. § 41-1959(A) protects personally identifiable information

of “any applicant, claimant, recipient, employer or client” of the Department of Economic

Security. A violation of that statute is a class 2 misdemeanor under state law. Id. (D).

129. Of course, States provide other sensitive data, too. That includes not only the

personally identifiable information the States provide about others, but also their own banking

information. See Treasury/Fiscal Service SORN .002, Categories of Records.

130. The relevant State agencies, then, have an interest in the privacy and security of

the data they provide to the Treasury.

131. The unauthorized access puts those privacy and security interests at risk.

132. States also have an interest in the integrity and smooth functioning of the offset

program. As creditors receiving offsets, States recover millions of dollars each year from the

program. Any threat to its functioning and effectiveness is a clear pocketbook risk to the plaintiff

States.

133. As recipients of federal funds subject to offsets, States also have an interest in the

accuracy of the offset system. For example, unaccountable personnel with the ability to write to

the payment system could create offsets where no legitimate debt exists, or misrepresent the

amount of the debt. Even those with read access could use information from the payment system

to encourage an agency to withhold a payment.

55
Title IV-D of the Social Security Act requires states to provide child support services.
40
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 41 of 60

c. Treasury’s Change in Access Policy

134. Until several days ago, access to BFS’s payment systems was restricted to very

few government employees, all of whom were career civil servants with a need for access to

perform their duties of ensuring the smooth and secure operations of BFS. On information and

belief, neither political appointees nor “special government employees” were permitted to access

the systems. 56

d. Creation of DOGE

135. Treasury recently changed its policy to allow for broader access to BFS’s

payment systems. As of February 2, 2025, political appointees and special government

employees, including DOGE leader Elon Musk and team members Tom Krause, the chief

executive officer of Citrix and Cloud Software group, Marko Elez, and newly-hired “special

government employee[s],” were granted access. 57 Notably, Elez spent several days with

‘administrator privilege access’ with the ability to overwrite code. 58

136. When he initially announced DOGE, President Trump stated that it would not be

a formal part of the government, despite its governmental-sounding name. 59 Instead, DOGE

56
“Special government employee” refers to an advisor, expert, or consultant who is appointed to work
with the federal government for a limited period of time, 18 U.S.C. § 202, subject to some, but not all of
the ethics provisions that govern the conduct of regular employees. See
https://crsreports.congress.gov/product/pdf/LSB/LSB10183.
57
See Leader Schumer Floor Remarks On Presiden... | The Senate Democratic Caucus; also, Senator Ron
Wyden (@wyden.senate.gov), Blue Sky (Feb. 1, 2025, 3:37 PM),
https://bsky.app/profile/wyden.senate.gov/post/3lh5ejpwncc23 (describing it as “full” access to the
Treasury’s payments system).
58
https://www.wired.com/story/elon-musk-associate-bfs-federal-payment-system/
59
On November 12, 2024, President Trump announced the creation of DOGE and stated “that the Great
Elon Musk, working in conjunction with American Patriot Vivek Ramaswamy,” would lead the newly-

41
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 42 of 60

would “provide advice and guidance from outside of Government” to “the White House” in the

form of recommendations that President Trump said he expects will “pave the way” for the

Trump-Vance Administration to “dismantle,” “slash,” and “restructure” federal programs and

services. 60

137. As implemented, DOGE is a suborganization within the former U.S. Digital

Service (“USDS”), a technology unit housed within the Executive Office of the President of the

United States. DOGE was established by Executive Order 14158 on January 20, 2025 (the

“Order”), as a temporary organization under 5 U.S.C. § 3161. Exec. Order 14,158, 90 Fed. Reg.

18 (Jan. 29, 2025). The Order also renames USDS to the United States DOGE Service (USDS),

and establishes the “U.S. DOGE Service Temporary Organization” within USDS.

138. While most members of DOGE appear to have been hired as “special government

employees” under the color of 18 U.S.C. § 202(a), many of the DOGE members given access to

BFS were not employees of Treasury, a violation of the Privacy Act. In addition, when these

special government employees’ 130 days of federal service is up, they will be able to return to

positions in the private sector.

139. The conduct of DOGE members presents a unique security risk to States and State

residents whose data is held by BFS, given that DOGE employees have already reportedly set up

an unauthorized commercial server at another federal agency without a privacy impact

assessment as required by the 2002 E-Government Act. Access by DOGE employees to BFS is

likely to present even greater risks to the security and privacy of States’ and their residents’ data.

formed entity. See Donald J. Trump (@realDonaldTrump), Truth Social (Nov. 12, 2024, 7:46 PM ET),
https://truthsocial.com/@realDonaldTrump/posts/113472884874740859.
60
Id.

42
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 43 of 60

140. Unsecure data is susceptible to cyber attacks and identity theft. Identity theft has

a significant impact on States, beyond the financial well-being of its residents. It strains law

enforcement resources, damages state economies through lost productivity and consumer

confidence, and raises costs for the state to redress fraudulent claims made from stolen identities

for unemployment and healthcare benefits.

141. DOGE has rapidly accumulated immense power within the Trump administration,

and there is reason for the States to be concerned that Treasure payments are beginning to be

blocked. Responding to a social media post about certain federal program grants awarded by the

Department of Health and Human Services disbursed by BFS, Musk put it more directly in a post

on February 2, 2025 – the day he and his DOGE team gained access to BFS’s payment systems:

“The @DOGE team is rapidly shutting down these illegal payments.” 61 Defendants have not

provided any basis to assert that transactions pursuant to numerous federal programs created to

carry out laws duly enacted by Congress are “illegal payments.” Nor have they identified any

authority in DOGE, or BFS for that matter, to “shut[] down” payments.

142. Secretary Bessent’s implementation of Treasury’s new broader access policy,

allowing Musk and his DOGE team 62 to access BFS’s payment systems, was adopted without

any public announcement or explanation. To date, Defendants have provided no reasons at all to

61
Elon Musk on X: "The @DOGE team is rapidly shutting down these illegal payments" / X
62
According to public reporting members of Musk’s DOGE team include Tom Krause, the CEO at Cloud
Software Group, https://www.crn.com/news/cloud/2025/krause-keeps-citrix-parent-ceo-role-amid-work-
with-treasury-musk-s-doge, and, until his resignation yesterday, a twenty-five year old individual named
Marko Elez, who had been granted “access and alteration privileges” prior to his resignation.
https://www.wired.com/story/treasury-department-doge-marko-elez-access/

43
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 44 of 60

justify the new policy, nor did Treasury conduct a privacy impact assessment prior to

implementing the change.

143. According to public reporting, access by Mr. Musk, Mr. Krause, and other

unidentified DOGE team members 63 under the new policy to BFS’s payment systems includes

“administrator-level privileges, including the ability to write code on the Payment Automation

Manager [(PAM)] and the Secure Payment System [(SPS)].” 64

144. “Administrator level” privileges includes the ability to log into agency servers

through secure shell access, navigate the entire system file, change user permissions, and delete

or modify files, including critical files.

145. “Administrator level” access allows the user to have more than a “read only”

functionality within the information system.

146. Even before its inception, DOGE members sought sensitive data information

about the Treasury Payment Systems, including the code underwriting the Treasury payment

systems. Consistent with policy, a non-Treasury employee was denied access from any such

information or access at that time. By Jan. 29, 2025, however, Secretary Bessent changed

policies and granted Mr. Musk and his DOGE team members access to the BFS Treasury

payment systems. By granting DOGE members to access, the agency ignored the already

existent policies and practices put into place to maintain the security of Treasury’s sensitive

63
One news media outlet reports that among the DOGE team members who have been granted access to
BFS’s payment systems as a “special government employee” is a 25-year old engineer who previously
worked on search AI for Musk’s companies X and SpaceX. A 25-Year-Old With Elon Musk Ties Has
Direct Access to the Federal Payment System | WIRED.
64
https://www.huffpost.com/entry/elon-musk-doge-aide-treasury-payments-administrative-
privileges_n_67a25541e4b042f60737bd47

44
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 45 of 60

systems. Secretary Bessent failed to offer any reasoning or findings as to why Treasury would

change policies in contravention of the privacy policies.

e. The prior policy in place under Acting Secretary Lebryk

147. Upon information and belief, Musk and DOGE had signaled interest in accessing

the Treasury systems between December of 2024 65 through January 20, 2025, but any of Musk’s

particular requests to access the Treasury systems was denied by then-Acting Treasury Secretary

David Lebryk. 66

148. Upon information and belief, in connection with his role working with DOGE,

Krause previously sought, but was denied, Treasury code information from Lebryk. 67

149. According to public reporting, despite DOGE team’s representations that their

goal was “to undertake a review of the [Treasury’s] system,” as evidenced in a Jan. 24, 2025

email exchange, Krause’s DOGE-affiliated push for access to the Treasury payment system were

actually intended to “receive access to the closely held payment system so that Treasury could

freeze disbursements to the U.S. Agency for International Development (“U.S.A.I.D.”).” 68

65
According to public reporting, DOGE representatives began asking Lebryk for source code information
related to the Treasury’s payment system during the Presidential transition period. Lebryk “raised the
request to Treasury officials at that time, noting that it was the type of proprietary information that should
not be shared ith people who did not work for the federal government.” Treasury Official Quits After
Resisting Musk’s Requests on Payments - The New York Times

https://www.theguardian.com/technology/2025/feb/02/elon-musk-doge-access-federal-
66

payment-system
67
Treasury Official Quits After Resisting Musk’s Requests on Payments - The New York Times
68
Treasury Sought to Freeze Foreign Aid Payments, Emails Show - The New York Times

45
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 46 of 60

150. Emails identified in the public reporting stated the that the purpose of Mr.

Krause’s DOGE-related access to the system was to “pause U.S.A.I.D. payments and comply

with Mr. Trump’s Jan. 20 executive order to halt foreign aid.” 69

151. According to public reporting, Lebryk denied the request to grant Krause access

to the systems; in a Jan. 24, 2025 email, Lebryk wrote, “I don’t believe we have the legal

authority to stop an authorized payment certified by an agency.” 70

152. Upon information and belief, shortly after Lebryk denied Krause’s access,

Defendant Bessent placed former Secretary Lebryk (a career civil servant) on administrative

leave, eventually pushing Lebryk out of the job days later, before granting Musk’s DOGE access

request to the Treasury systems. 71

153. According to public reporting, in further communicating about the denial of his

access request, Krause urged Treasury to “hold payment at least to review the underlying

payment requests from U.S.A.I.D. now so that we can be given more time to consult [the] State

[Department].” 72

CAUSES OF ACTION
COUNT ONE
(Violation of APA § 706(2) – Exceeding Statutory Authority)
154. The States reallege and incorporate by reference the allegations set forth in the

preceding paragraphs.

69
Id.
70
Id.

Treasury Official Quits After Resisting Musk’s Requests on Payments - The New York Times;
71

Treasury Sought to Freeze Foreign Aid Payments, Emails Show - The New York Times.
72
Treasury Sought to Freeze Foreign Aid Payments, Emails Show - The New York Times..
46
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 47 of 60

155. Under the APA, courts must “hold unlawful and set aside agency action” that is

“in excess of statutory jurisdiction, authority, or limitations, or short of statutory right.” 5 U.S.C.

§ 706(2)(C).

156. Defendants may only exercise authority conferred by statute. City of Arlington v.

FCC, 569 U.S. 290, 297-98 (2013).

157. Defendants have no authority under the federal laws or regulations to adopt or

implement the new policy of granting BFS payment system access to political appointees or

special government employees and/or for the unauthorized purpose of blocking or impeding

payments (the “Agency Action”).

158. The Agency Action exceeds Defendants’ authority under the statutes that govern

the collection, storage, handling, and disclosure of PII and confidential financial information

because it grants payment system access to political appointees and special government

employees and/or for unauthorized purposes.

159. The Agency Action also exceeds Defendants’ authority under the statutes that

govern the collection, storage, handling, and disclosure of PII and confidential financial

information because it permits payment systems to be accessed on non-government third-party

servers.

160. The Agency Action is therefore “in excess of statutory jurisdiction, authority, or

limitations, or short of statutory right,” in violation of the APA. 5 U.S.C. § 706(2)(C).

161. Defendants’ violation causes ongoing harm to States and their residents.

COUNT TWO
(Violation of APA § 706(2)(A) – Contrary to Law)

47
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 48 of 60

162. The States reallege and incorporate by reference the allegations set forth in the

preceding paragraphs.

163. Under the APA, a court must set “aside agency action” that is “not in accordance

with law.” 5 U.S.C. § 706(2)(A).

164. Section 208 of the E-Government Act of 2002, 44 U.S.C. § 101 et seq., mandates

that an agency conduct a privacy impact assessment before “developing or procuring information

technology that collects, maintains, or disseminates information that is in an identifiable form.”

Section 208(b)(1)(A)(i). The purpose of this provision “is to ensure sufficient protections for the

privacy of personal information” maintained by government agencies. Section 208(a). There is

no authority under this statute to develop a plan to disseminate PII or other sensitive information

without conducting in advance a privacy impact assessment, which Defendants did not do before

adopting and implementing the Agency Action.

165. Pursuant to the Code of Federal Regulations, title 31, subtitle A, Part 1, section

1.32, there are restraints concerning Treasury’s collection, use, disclosure and protection of

SSNs. Specifically, the Office of the Secretary of the Treasury, within Treasury, has specific

guidelines on when the Secretary must collect and maintain full SSNs, as well as the prohibitions

on disclosure of SSNs.

166. The Privacy Act of 1974 sets forth conditions for disclosure of

private information and precludes an agency from disclosing information in its files to any person

or to another agency without the prior written consent of the individual to whom the information

pertains. See 5 U.S.C. § 552a(b). The Privacy Act lists 13 exceptions to the bar on disclosure, but

none can be reasonably construed to permit disclosure to SGEs or political appointees who have

no “need for the record in the performance of their duties,” 5 U.S.C. § 552a(b)(1). Nor does the

48
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 49 of 60

Privacy Act authorize disclosure without following a notice protocol, 73 which the Agency Action

does not do. See 5 U.S.C. § 552a(e)(11). The notice must include information on the categories of

individuals and records in the system, the routine uses of the records, and the agency's policies on

storage, access, retention, and disposal. 5 U.S.C. § 552a(e)(4). 74

167. Pursuant to the Tax Reform Act of 1976, 26 U.S.C. § 6103, tax information,

including returns and return information, is to be treated as confidential and subject to disclosure

only when expressly authorized by statute. For employees of the Treasury Department, disclosure

of tax information is strictly limited to those “officers and employees” “whose official duties

require such inspection or disclosure for tax administration purposes.” 26 U.S.C. § 6103(h)(1).

There is no authority under the statute to allow disclosure to SGEs or any other employees who

perform no duties that relate to tax administration purposes.

168. There are also regulations that govern Treasury’s collection, use, disclosure and

protection of SSNs. Specifically, the Office of the Secretary of the Treasury, within Treasury, has

specific guidelines on when the Secretary must collect and maintain full SSNs, as well as

restrictions on disclosure of SSNs: “[w]henever feasible, Treasury must mask, or truncate/partially

redact Social Security numbers visible to authorized Treasury/component information technology

users so they only see the portion (if any) of the Social Security number required to perform their

official Treasury duties.” 31 C.F.R. § 1.32(d). These regulations do not authorize Treasury to grant

indiscriminate access to full SSNs, particularly to those who have no job-related need for access.

73
Under the Privacy Act, an agency that has a system of records about individuals must publish a
notice in the Federal Register “of the existence and character” of that system (“SORN”). 5 U.S.C.
§ 552a(e)(4).
74
“Routine use” refers to using records for purposes compatible with their original collection (5
U.S.C. § 552a(a)(7)).
49
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 50 of 60

169. Finally, Title 18 of the U.S. Code imposes ethics rules onto federal employee

conduct in order to avoid conflicts, including those that arise from personal interests that affect

official action. See 18 U.S.C. § 208(a) 75; see also 5 C.F.R. part 260. SGEs are governed by these

ethics rules, including § 208(a), and subject to penalties under section 216 of the Code. See 18

U.S.C. § 216 (describing the penalties and injunctions for violating, inter alia, §§207 and 208,

include civil penalties up to $50,000 for each violation, or an injunction to enjoin further

violations). The only exception from § 208(a)’s requirements relevant here would be for the

appointing official of an SGE (with a duly filed financial disclosure pursuant to chapter 5 of title

31) to review the SGE’s disclosure and certify that the SGE’s work “outweighs the conflict of

interest.” 18 U.S.C. § 207(c). The statute does not authorize disclosure to an SGE without such a

certification. Defendants’ violations cause ongoing harm to States and their residents.

170. The Agency Action fails to comply with the dictates of each of these regulations.

COUNT THREE
(Violation of APA § 706(2)(A) – Arbitrary and Capricious)
171. The States reallege and incorporate by reference the allegations set forth in the

preceding paragraphs.

75
“Except as permitted by subsection (b) hereof, whoever, being an officer or employee of the
executive branch of the United States Government, or of any independent agency of the United
States, a Federal Reserve bank director, officer, or employee, or an officer or employee of the
District of Columbia, including a special Government employee, participates personally and
substantially as a Government officer or employee, through decision, approval, disapproval,
recommendation, the rendering of advice, investigation, or otherwise, in a judicial or other
proceeding, application, request for a ruling or other determination, contract, claim, controversy,
charge, accusation, arrest, or other particular matter in which, to his knowledge, he, his spouse,
minor child, general partner, organization in which he is serving as officer, director, trustee, general
partner or employee, or any person or organization with whom he is negotiating or has any
arrangement concerning prospective employment, has a financial interest—
Shall be subject to the penalties set forth in section 216 of this title.”

50
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 51 of 60

172. The APA provides that courts must “hold unlawful and set aside” agency action

that is “arbitrary, capricious, [or] an abuse of discretion.” 5 U.S.C. § 706(2)(A).

173. The Agency Action is arbitrary and capricious because when adopting and

implementing the Agency Action Defendants failed to provide a reasoned explanation for the

change in longstanding Treasury policy restricting access to BFS payment systems to career civil

servants who need access to perform their job functions and who have demonstrated compliance

with the numerous privacy and security requirements for access to the system and sensitive

information contained therein.

174. The Agency Action is arbitrary and capricious because when adopting and

implementing the Agency Action Defendants failed to consider harms that flow from expanding

access to BFS payment systems to political appointees and special government employees,

especially where as here they have stated that their objective is to block payments to

beneficiaries who are not aligned with the President’s agenda.

175. The Agency Action is therefore “arbitrary, capricious, [or] an abuse of discretion”

in violation of the APA. 5 U.S.C. § 706(2)(A).

176. Defendants’ violation causes ongoing harm to Plaintiffs and their residents.

COUNT FOUR
(Ultra Vires)
177. The States reallege and incorporate by reference the allegations set forth in the

preceding paragraphs.

178. Defendants have no authority under the federal laws or regulations to adopt or

implement the new policy of granting BFS payment system access to political appointees or

51
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 52 of 60

special government employees and/or for the unauthorized purpose of blocking or impeding

payments.

179. Because Defendants have adopted and implemented the Agency Action by

granting payment system access to DOGE personnel for the purpose of identifying, blocking,

and/or impeding the payment of funds appropriated by Congress, their conduct is ultra vires and

a preliminary and permanent injunction barring the Defendants from continuing to implement the

Agency Action should issue.

COUNT FIVE
(Violation of the Separation of Powers Doctrine—
Usurping Legislative Authority)

180. The States reallege and incorporate by reference the allegations set forth in the

preceding paragraphs.

181. Article I, Section 1 of the United States Constitution enumerates that: “[a]ll

legislative Powers herein granted shall be vested in Congress.” U.S. Const. Art. I, Sec. 1. “The

Framers viewed the legislative power as a special threat to individual liberty, so they divided that

power to ensure that ‘differences of opinion’ and the ‘jarrings of parties’ would ‘promote

deliberation and circumspection’ and ‘check excesses in the majority.’” Seila Law LLC v.

CFPB, 591 U.S. 197, 223 (2020) (quoting The Federalist No. 70, at 475 (A. Hamilton) and No.

51, at 350)).

182. “As Chief Justice Marshall put it, this means that ‘important subjects . . . must be

entirely regulated by the legislature itself,’ even if Congress may leave the Executive ‘to act

under such general provisions to fill up the details.’” West Virginia v. EPA, 597 U.S. 697, 737

52
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 53 of 60

(2022) (Gorsuch, J., concurring) (quoting Wayman v. Southard, 10 Wheat. 1, 42-43, 6 L.Ed. 253

(1825)).

183. The separation of powers doctrine thus represents a central tenet of our

constitution. See e.g., Trump v. United States, 603 U.S. 593, 637–38 (2024); Seila Law LLC, 591

U.S. at 227.

184. Consistent with these principles, executive branch powers are limited to those

specifically conferred by the Constitution and federal statutes, and do not include any undefined

residual or inherent power.

185. The United States Constitution does not authorize the Executive Branch to enact,

amend, or repeal statutes. Clinton v. City of New York, 524 U.S. 417, 438 (1998).

186. Indeed, Executive Branch officials act at the lowest ebb of their constitutional

authority and power when they act contrary to the express or implied will of Congress.

Youngstown Sheet & Tube Co. v. Sawyer, 343 U.S. 579, 637 (1952) (Jackson, J., concurring).

187. Executive Branch agencies derive their rulemaking authority from statutes

enacted by Congress, which prescribe the manner in which agencies are to regulate.

188. Where the President, by Executive Order or otherwise, directs an agency to take

an action that runs afoul of a statute or the legislative intent of Congress, violates the Separation

of Powers doctrine.

189. Here, the only reason that has been publicly articulated for the Agency Action is

to enable the DOGE team to block payments to States and their residents of federal funds that

have been appropriated by Congress.

190. The only basis to explain the Agency Action is an attempt to usurp Congress’s

power of the purse in violation of the Separation of Powers doctrine.

53
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 54 of 60

191. And for the same reasons that the Agency Action exceeds statutory authority, it

also usurps Congress’s exclusive legislative authority and contravenes its express statutory

mandates restricting the disclosure of private information by federal agencies. See Clinton, 524

U.S. at 438; also, 5 U.C.S. sec. 552a(b).

192. This Court is authorized to enjoin any action by the Executive Branch that “is

unauthorized by statute, exceeds the scope of constitutional authority, or is pursuant to

unconstitutional enactment.” Youngstown Sheet & Tube Co. v. Sawyer, 103 F. Supp. 569 (D.D.C.

1952), aff’d, 343 U.S. 579 (1952).

193. The States are further entitled to a preliminary and permanent injunction

enjoining the Defendants from adopting and implementing the Agency Action.

COUNT SIX
(Violation of the Take Care Clause)

194. The States reallege and incorporate by reference the allegations set forth in the

preceding paragraphs.

195. The Take Care Clause provides that the President must “take Care that the Laws

be faithfully executed….” U.S. Const. Art. II, Sec. 3, Clause 3; UARG v. EPA, 573 U.S. 302,

327 (2014) (“Under our system of government, Congress makes the laws and the

President…faithfully executes them.”).

196. In many instances, Congress has delegated to federal agencies the authority to

implement laws through regulation.

197. By directing that the Agency Action be adopted and implemented, the President

has failed to faithfully execute the laws enacted by Congress in violation of the Take Care

Clause.
54
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 55 of 60

198. Pursuant to 28 U.S.C. § 2201, the States are entitled to a declaration that the

Agency Action violates the Take Care clause of the U.S. Constitution.

199. The States are further entitled to a preliminary and permanent injunction

preventing Defendants from continuing to implement the Agency Action.

PRAYER FOR RELIEF

WHEREFORE, the States pray that this Court:

a. Issue a temporary restraining order and preliminary and permanent injunctions

barring Defendants from granting to political appointees, special government
employees, and any government employee detailed from an agency outside the
Treasury Department access to any Treasury Department payment systems or any
other data systems maintained by the Treasury Department containing personally
identifiable information and/or confidential financial information of payees, and
ordering any such person who has unlawfully received such information to
destroy or return it;

b. Issue a temporary restraining order and preliminary and permanent injunction

barring Defendants from granting access to Treasury Department payments or any
other data systems maintained by the Treasury Department containing personally
identifiable information and/or confidential financial information of payees to any
person unless that person has passed all background checks, security clearance,
and information security training called for in federal statutes and Treasury
Department regulations, and otherwise excluding political appointees and special
government employees.

c. Issue a declaration that granting access to political appointees, special government

employees, and any government employee detailed from an agency outside the
Treasury Department to any Treasury Department payment systems or any other
data systems maintained by the Treasury Department containing personally
identifiable information and/or confidential financial information of payees is
agency action that is ultra vires, unlawful, and unconstitutional;

d. Award the States their reasonable fees, costs, and expenses, including attorneys’
fees, pursuant to 28 U.S.C. § 2412; and

e. Award such other relief as this Court may deem just and proper.

Dated: New York, New York

February 7, 2025
55
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 56 of 60

Respectfully submitted,

LETITIA JAMES KRISTEN K. MAYES

ATTORNEY GENERAL OF NEW YORK ATTORNEY GENERAL OF ARIZONA

By: /s Andrew Amer By: /s Joshua D. Bendor*

Andrew Amer Joshua D. Bendor*
Special Counsel Joshua A. Katz*
Rabia Muqaddam 2005 North Central Avenue
Special Counsel for Federal Initiatives Phoenix, Arizona 85004
Colleen K. Faherty (602) 542-3333
Special Trial Counsel Joshua.Bendor@azag.gov
28 Liberty Street Joshua.Katz@azag.gov
New York, NY 10005
(212) 416-6127
andrew.amer@ag.ny.gov
Counsel for the State of Arizona
Counsel for the State of New York

ROB BONTA PHIL WEISER

ATTORNEY GENERAL OF CALIFORNIA ATTORNEY GENERAL OF COLORADO

By: /s/ Michael S. Cohen By: /s Shannon Stevenson

Michael S. Cohen* Shannon Stevenson*
Deputy Attorney General Solicitor General
Thomas S. Patterson* Office of the Colorado Attorney General
Senior Assistant Attorney General 1300 Broadway, #10
Mark R. Beckington* Denver, CO 80203
John D. Echeverria* (720) 508-6000
Supervising Deputy Attorneys General shannon.stevenson@coag.gov
Nicholas Green*
Jay Russell* Counsel for the State of Colorado
Deputy Attorneys General
California Attorney General’s Office
1300 I Street, Suite 125
P.O. Box 944255
Sacramento, CA 94244-2550
(916) 210-6090
Michael.Cohen@doj.ca.gov

Counsel for the State of California

1
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 57 of 60

WILLIAM TONG KATHLEEN JENNINGS

ATTORNEY GENERAL OF CONNECTICUT ATTORNEY GENERAL OF DELAWARE

By: /s Matthew Fitzsimmons By: /s/ Vanessa L. Kassab

Matthew Fitzsimmons* Ian R. Liston
Chief Counsel Director of Impact Litigation
165 Capitol Ave Vanessa L. Kassab
Hartford, CT 06106 Deputy Attorney General
(860) 808-5318 Delaware Department of Justice
Matthew.fitzsimmons@ct.gov 820 N. French Street
Wilmington, DE 19801
(302) 683-8899
Counsel for the State of Connecticut vanessa.kassab@delaware.gov

Counsel for the State of Delaware

ANNE E. LOPEZ KWAME RAOUL

ATTORNEY GENERAL OF HAWAIʻI ATTORNEY GENERAL OF ILLINOIS

By: /s Kalikoʻonālani D. Fernandes By: /s/ Darren Kinkead

David D. Day* Darren Kinkead
Special Assistant to the Attorney General Public Interest Counsel
Kalikoʻonālani D. Fernandes* 115 S. LaSalle St.
Solicitor General Chicago, Illinois 60603
425 Queen Street (773) 590-6967
Honolulu, HI 96813 Darren.Kinkead@ilag.gov
(808) 586-1360
kaliko.d.fernandes@hawaii.gov
Counsel for the State of Illinois

Counsel for the State of Hawaiʻi

AARON M. FREY ANTHONY G. BROWN

ATTORNEY GENERAL OF MAINE ATTORNEY GENERAL OF MARYLAND

By: /s/ Jason Anton By: /s Adam D. Kirschner*

Jason Anton Adam D. Kirschner
Assistant Attorney General Senior Assistant Attorney General
Office of the Attorney General Office of the Attorney General
6 State House Station 200 Saint Paul Place, 20th Floor
Augusta, ME 04333-0006 Baltimore, Maryland 21202
(207) 626-8800 (410) 576-6424
jason.anton@maine.gov akirschner@oag.state.md.us

Counsel for the State of Maine Counsel for the State of Maryland

2
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 58 of 60

ANDREA JOY CAMPBELL KEITH ELLISON

ATTORNEY GENERAL ATTORNEY GENERAL OF MINNESOTA
COMMONWEALTH OF MASSACHUSETTS
By: /s Liz Kramer
By: /s/ David C. Kravitz Liz Kramer*
David C. Kravitz Solicitor General
State Solicitor 445 Minnesota Street, Suite 1400
One Ashburton Place St. Paul, Minnesota, 55101
Boston, MA 02108 (651) 757-1010
617-963-2427 Liz.Kramer@ag.state.mn.us
david.kravitz@mass.gov

Counsel for the Commonwealth of Counsel for the State of Minnesota

Massachusetts

AARON D. FORD MATTHEW J. PLATKIN

ATTORNEY GENERAL OF NEVADA ATTORNEY GENERAL OF NEW JERSEY

By: /s/ Heidi Parry Stern By: /s David Leit

Heidi Parry Stern (Bar. No. 8873) David Leit
Solicitor General Assistant Attorney General
Office of the Nevada Attorney General (609) 414-4301
1 State of Nevada Way, Suite 100 david.leit@law.njoag.gov
Las Vegas, NV 89119
HStern@ag.nv.gov Kashif Chand
Chief, Deputy Attorney General
(609) 696-5160
Counsel for the State of Nevada kashif.chand@law.njoag.gov

124 Halsey Street

Newark, NJ 07101

Counsel for the State of New Jersey

3
 Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 59 of 60

JEFF JACKSON DAN RAYFIELD

ATTORNEY GENERAL OF NORTH CAROLINA ATTORNEY GENERAL OF OREGON

By: /s/ Elleanor H. Chin

LAURA HOWARD Elleanor H. Chin
CHIEF DEPUTY ATTORNEY GENERAL Senior Assistant Attorney General
Department of Justice
By /s/ Daniel P. Mosteller 100 SW Market Street
Associate Deputy Attorney General Portland, OR 97201
North Carolina Department of Justice (971) 673-1880
PO Box 629 elleanor.chin@doj.oregon.gov
Raleigh, NC 27602
919-716-6026 Counsel for the State of Oregon
dmosteller@ncdoj.gov

Counsel for State of North Carolina

PETER F. NERONHA CHARITY R. CLARK

ATTORNEY GENERAL OF RHODE ISLAND ATTORNEY GENERAL OF VERMONT

By: /s/ Alex Carnevale* By: /s/ Jonathan Rose

Alex Carnevale* Jonathan Rose*
Special Assistant Attorney General Solicitor General
Office of the Attorney General – State of Appellate Unit
Rhode Island Office of the Attorney General
150 South Main Street 109 State Street, 3rd Floor
Providence, RI 02903 Montpelier, VT 05609
(401) 274 4400 (802) 793-1646
acarnevale@riag.ri.gov jonathan.rose@vermont.gov

Counsel for the State of Rhode Island Counsel for the State of Vermont

JOSH KAUL
ATTORNEY GENERAL OF WISCONSIN

By: /s/ Brian P. Keenan

Brian P. Keenan
State Bar #1056525
Wisconsin Department of Justice
Post Office Box 7857
Madison, Wisconsin 53707-7857
(608) 266-0020
keenanbp@doj.state.wi.us

Counsel for the State of Wisconsin

4
Case 1:25-cv-01144 Document 1 Filed 02/07/25 Page 60 of 60