In early February, Edward “Big Balls” Coristine was one of two operatives for Elon Musk’s so-called Department of Government Efficiency (DOGE) granted potentially wide-ranging access to a number of systems at the Small Business Administration (SBA). Through that foray, DOGE gained access to the National Finance Center (NFC), a sensitive system that provides human resources and payroll functions for the Department of Justice (DOJ), Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI), among other agencies.
This access has not been previously reported. And new reporting from WIRED, including the review of hundreds of pages of documents obtained through a Freedom of Information Act request, offers insight into the comprehensive access DOGE operatives were able to gain to federal systems in the early days of the second Trump administration—and just how quickly they got it.
Coristine is a 19-year-old who was one of DOGE’s earliest hires and was brought on as a permanent government employee at the General Services Administration (GSA) before resigning and then resurfacing as a special government employee at the Social Security Administration. He and Donald Park, a Brazilian jiujitsu enthusiast and private equity investor, have previously been identified as DOGE operatives at the SBA who sought access to HR, contracting, and payment systems and information. Neither replied to requests for comment.
Records reviewed by WIRED show that within five hours of a request from the office of the SBA’s chief information officer that they be given access to SBA systems, Park and Coristine—who went by the online name “Big Balls” and had reportedly been fired from an internship at a network monitoring firm known for hiring reformed blackhat hackers, after being suspected of leaking internal information—were granted entrance to the agency’s core financial and loan systems. Not long after that, Coristine had access to NFC systems not even housed within the SBA, the agency to which he had been detailed.
The mechanical process of granting access appears to have started just past noon on February 3, when Stephen Kucharski, the director of the SBA’s Office of Performance Systems Management, an office in the SBA’s Office of Capital Access, emailed 19 colleagues with an urgent request. Two DOGE affiliates, he said, were to be given the digital keys to the agency immediately.
Under the subject line “system access for Edward Coristine” Kucharski wrote, “Please help me and my OCIO colleagues as we mobilize to provide Edward Coristine and Donald Park Admin access to all SBA systems. This action has been cleared and we are on a very short time frame. Doug will be arranging a call to answer questions and I will add Edward to this distribution list as soon as we create his SBA account. His account should be completed very shortly.” The two biggest priorities, he added, were the SBA’s human resources system and its contract system, to include “detailed data on all active procurements.”
Four minutes after sending his initial request, Kucharski followed up to add the SBA’s chief information security officer. At 12:33 pm, Elias Hernandez, the associate administrator for the Office of Veterans Business Development, followed up with a message titled “URGENT REQUEST FROM SBA!” to a smaller group addressed to Michael Jackson, the director of the NFC. (Kucharski, Hernandez, and Jackson did not reply to requests for comment.)
“Please help me get this request to the right NFC leaders who can make this happen ASAP,” Hernandez wrote. “We need the NFC to grant Admin access to the reporting center, insights, and the NFC Mainframe for all SBA Personnel Office Identifiers (POIs) to the following SBA DOGE employees.”
The NFC is an agency nested inside the US Department of Agriculture (USDA) that handles payroll for 650,000 government employees—over a fifth of the federal workforce—across more than 170 agencies, including the SBA, according to a source familiar with it who was granted anonymity because they are not authorized to talk to the press. The information contained in the NFC’s systems includes the Social Security numbers, banking information, addresses, and dates of birth for federal employees, including members of the FBI and DOJ. “We can and have managed the complexities of law enforcement pay for decades,” says the source. (The USDA referred a request for comment from WIRED to the SBA. The SBA did not respond to multiple requests for comment.)
According to the source familiar with the NFC, requests for access, especially for sensitive systems, normally go through a vetting process. The request is evaluated and, if granted, only permits the lowest level of access required. “We were being told,” they believed, “to give them unlimited access.”
According to emails viewed by WIRED, an IT manager at the NFC requested that Coristine and Park be granted “admin authority” to the mainframe and access to two other applications: Insight, which includes detailed employment records, and the Reporting Center, which includes payroll data. The requests for Insight and the Reporting Center were for “read only” access, meaning that Coristine and Park could see data in the system but not change it. Within roughly three hours of Kucharski’s email, the DOGE operatives had mainframe access, giving them—according to the source—the power to see sensitive information like an employee’s “salary, banking, address, deductions, debt and other vital employment information” at the NFC.
In an email timestamped 4:15 pm, less than an hour after this access was granted, Coristine wrote to Hernandez and the SBA’s deputy chief human capital officer, with another request: “Could you please send me the NFC CIO’s phone number?”
All of this was quite unusual by normal government standards, though not those prevailing at the time: As Coristine and Park were gaining access to the NFC mainframe, another DOGE operative, Marko Elez, had gained read-write access to the Payment Automation Manager and Secure Payment System at the Treasury’s Bureau of the Fiscal Service.
The speed at which DOGE operatives were able to access these datasets, says Don Moynihan, a professor of public policy at the University of Michigan, was highly concerning, because it indicates they likely did not go through the regular screening and security clearance processes required of government employees who handle sensitive information.
“As far as we know, these people don’t have real security background checks,” he says. Experts WIRED previously spoke to doubted that Coristine could have obtained a clearance.
SBA spokesperson Caitlin O’Dea says, “As federal employees, all personnel are subject to a rigorous clearance protocol prior to interacting with agency data. SBA is grateful to those who have helped uncover millions in fraud, waste, and abuse on behalf of American taxpayers and small businesses.”
“Oversight Democrats demand to know if this kid—and any of the DOGE employees shuffling through Americans’ sensitive data—have passed the required background checks and clearances. DOGE continues to put the whims of the White House over the safety, security, and well-being of the American people and our nation,” Stephen Lynch, a member of the House Oversight Committee, tells WIRED in a statement.
The White House did not respond to a request for comment.
Shortly after Kucharski’s initial request, Park sent an email to Coristine with the subject line “List of systems.” Coristine then forwarded this request to Kucharski. An hour after that, Coristine emailed another SBA employee with the subject line “RE: Access to Oracle & SQL Server Databases.”
This appears to have put Coristine in position to potentially access significant amounts of sensitive personal information. The SBA supports small businesses and entrepreneurs by helping them access loans, government contracts, and business counseling and educational resources. As part of its routine processes, according to a current SBA employee who asked not to be named because they are not authorized to speak to the press, “we collect a lot of data, like employer identification numbers (EINs), North American Industry Classification System (NAICS) numbers, and Social Security numbers.”
Coristine would likely have had access to this sort of information because he was, according to emails obtained by WIRED, granted access to records and systems including the Capital Access Financial System, the SBA’s main portal for submitting and servicing loans His access further encompassed several CAFS subsystems that can contain granular information on loans and loan applications.
“Each one on its own doesn’t have boatloads of information, but added together, the CAFS system as a whole, if you flip between the tabs, has all of the information from loan applications, street addresses, tax IDs, additional notes from SBA investigations and holds, etc.,” says a second SBA source familiar with some of the systems Coristine and Park had sought to gain access to, also on the condition of anonymity as they were not authorized to speak to the press.
Additionally, the source says, CAFS does have fields for citizenship status and for an alien registration number for noncitizens, as well as, the street address of the business, race, gender of the person listed as principal.
Though agencies will sometimes loan staffers to each other for specific projects or to share particular expertise, Moynihan says that a single person or group of people “operating in multiple agencies, accessing multiple data sets at the same time, is really unusual.”
“I can’t think of another example like this,” he says.
While the emails reveal little about the purpose of DOGE’s access to these systems at SBA and NFC, Moynihan says, “the sensitivity of the data leads us to worry about the worst-case scenario.”
In April, WIRED reported that DOGE was marrying datasets across several agencies to support the Trump administration’s immigration agenda and to particularly target immigrants for removal or other forms of law enforcement.
“We’re left speculating what the intention was here, given the information vacuum created by DOGE,” says Moynihan.