A recent report released on Thursday criticizes a government department for storing the personal data of millions of Americans on unsecured cloud servers.
Senator Gary Peters (D-Mich.), who is the ranking member of the Senate Homeland Security Committee, emphasized the agency’s “unprecedented privacy and cybersecurity risks.” He warned that Americans might find themselves in a situation where, if a whistleblower were to need a new Social Security number, that could become necessary.
Chuck Borges, who previously served as the chief data officer for the Social Security Agency (SSA), filed a whistleblower complaint back in August. He brought attention to what he described as Doge’s “vulnerable cloud environment.”
Borges’s claims came shortly after an appeals court ruled that Doge could keep accessing sensitive federal data, raising further concerns about the agency’s handling of American personal information.
The report, prepared by the committee’s Democratic staff, references several whistleblowers, including Borges, and highlights that Doge staff were granted permission to transfer highly sensitive SSA data into an unprotected cloud setting.
“Based on disclosures from whistleblowers Michael Russo and Aram Moghaddassi, it seems that there was clearance to upload live SSA data to a cloudy platform,” the report noted.
According to the whistleblower, Doge allegedly uploaded a live version of the numerical identification file, known as Numident.
This data might encompass Social Security numbers, birth dates, parents’ names, and other sensitive personal details, as pointed out in the report.
An internal risk assessment by SSA revealed a potential “35-65%” likelihood of data breaches occurring, which could have “devastating negative effects” in cloud settings.
“The Social Security number is crucial for accessing a range of public and private services, from getting a driver’s license to visiting a doctor,” the document stated.
The report cautioned that if the entire SSN data gets compromised, the ramifications for financial institutions and other critical sectors could be significant.
The report advises that SSA should “promptly shut down its cloud environment” and conduct a thorough audit of its operations. It also suggests that SSA should investigate whether any data breaches may have occurred within that environment.
“Given the agency’s inadequate visibility into cloud settings, we might never grasp the full extent of the damage,” the report concluded.
Efforts to contact Senator Rand Paul (R-KY), who chairs the White House and Homeland Security Committee, were made by Hill.
