A whistleblower has reported that a former employee from the Department of Government Efficiency (DOGE) allegedly copied the Social Security numbers, names, and birthdates of over 300 million Americans to insecure private servers. This action raises significant concerns about potential identity theft as sensitive personal information might be at risk.
Charles Borges, the chief data officer at the Social Security Administration (SSA), made this alarming claim in written complaints submitted through the Government Accountability Project. In these complaints, he detailed how a senior SSA appointee, who was formerly part of DOGE, created copies of this data, significantly threatening public safety and health.
Borges noted that cybersecurity officers within the SSA labeled the decision to duplicate this data as “very high risk.” They even discussed the drastic measure of potentially needing to reissue Social Security numbers for millions if the cloud servers were compromised.
The server in question is reportedly part of SSA’s existing cloud setup through Amazon Web Services, although the complaints indicate it lacks the stringent security measures that the SSA usually requires.
Andrea Meza, an attorney for the Government Accountability Project representing Borges, mentioned that the cloud environment seemed specifically designated for SSA staff associated with DOGE. However, she expressed concern, stating there’s “no independent security or surveillance,” raising serious doubts about the safety of the data for essentially every American.
The SSA, in an email statement, reassured that its data remains secure, asserting that the information in question is stored safely. They noted, “We are not aware of any compromises in this environment and are committed to protecting sensitive personal data.”
Copied Data
Borges’ allegations are part of a broader pattern where DOGE and Trump administration officials have been accused of neglecting privacy protections regarding sensitive personal information. The administration often promoted the integration of personal data held by various agencies, sometimes citing efficiency benefits, yet leaving the rationale inconsistent.
Earlier, NPR had reported whistleblower accounts revealing that DOGE officials had acquired sensitive data from the National Labor Relations Board and attempted to obscure their methods. It seems these SSA DOGE officials also used personal data to make unsupported claims regarding voter fraud.
Most recently, in June, a Supreme Court ruling allowed DOGE access to some of the SSA’s most sensitive data after a temporary restraining order was lifted. This decision came as a 6-3 ruling by a conservative judge.
Internal Risk Warning
According to Borges’ complaint, on June 10, following the Supreme Court’s decision, a former DOGE employee named John Solly requested the SSA to create a copy of the Numerical Identification System (Numident) database on a private cloud within SSA’s infrastructure. The Numident is essentially the master file containing all information from Social Security card applications, including applicants’ names, birthdates, and Social Security numbers.
The complaint suggests this request led to creating a copy of the database in a “test environment.” Internal documents indicated that a cybersecurity officer warned this move could be dangerous, noting that “Unauthorized access to Numident is considered catastrophic for SSA beneficiaries.” The recommendation was that “production data should not be used.”
Despite these warnings, it appears that the data transfer occurred in late June after Solly’s request received approval from Michael Russo, associated with another DOGE group. In July, Aram Moghaddassi, a former DOGE chief information officer, gave “interim approval” to make the data accessible to officials, asserting that business needs took precedence over security risks.
The SSA reiterated that copies of the data are maintained in a secure environment, claiming high-level officials have administrative access with oversight from their information security team.
