Opinion editor's note: Editorials represent the opinions of the Minnesota Star Tribune Editorial Board, which operates independently from the newsroom.

•••

It was only last spring that data privacy and protection was a top congressional priority.

After a February 2024 cyberattack on a UnitedHealth Group subsidiary put sensitive consumer information at risk, the U.S. Senate and House summoned UnitedHealth CEO Andrew Witty to answer questions. Two hearings, both held May 1, put a harsh spotlight on the breach. Members of Congress quickly grasped the basic issue. The UHG subsidiary didn't have "multi-factor authentication" — which requires employees to have at least two credentials to log in — in place across its systems.

The absence of this basic security measure inspired understandable ire and incredulity from politicians grilling Witty. UHG's responsibilities include protecting some of consumers' most sensitive data. How could the subsidiary have lacked this fundamental safeguard?

Members of Congress need to summon that same outrage about data protection once again. This time, it's Elon Musk who should be hauled in to testify.

Musk, a South African-born billionaire, has been tasked under the new Trump administration with finding ways to cut federal government spending. The role is supposedly advisory through a controversial entity referred to as the Department of Government Efficiency, which appears to consist of Musk and small crew of unvetted tech loyalists aged 19-24.

On Sunday, the Washington Post reported an alarming development. DOGE is "seeking access to a heavily guarded Internal Revenue Service system that includes detailed financial information about every taxpayer, business and nonprofit in the country."

This would include the agency's "Integrated Data Retrieval System, or IDRS, which enables tax agency employees to access IRS accounts — including personal identification numbers — and bank information. It also lets them enter and adjust transaction data and automatically generate notices, collection documents and other records."

Just like the health information exposed by the ransom attack on the UHG subsidiary, this is some of Americans' most sensitive data. It should be guarded with extraordinary care. How in the world does that include letting Musk and his dubious crew access it?

DOGE's mission is to cut costs and streamline operations. It shouldn't need individuals' bank and other financial information to do that. Such a demand is unsettling also because of questions about the Musk crew's credentials and character.

The Trump administration is risking real harm and a public-relations nightmare if Musk's new access leads to a breach. President Donald Trump should shut down this foolhardy idea now.

Congress also has a role here and should demand that Musk explain publicly why he needs this access and how he'd prevent hackers from taking advantage of it. Witty's pummeling at last spring's congressional hearings was deserved, and it's called accountability. Musk should be held to the same standard.