A whistleblower has raised alarming concerns regarding a former senior official from the Department of Government Efficiency (DOGE), now employed at the Social Security Administration (SSA). The allegations state that this individual copied the Social Security numbers, names, and birthdays of over 300 million Americans onto a private server, which may be accessible to other former DOGE employees at the SSA. This potential breach poses a significant risk to the privacy and security of this sensitive information, making it vulnerable to identity theft.
Charles Borges, the chief data officer at the Social Security Administration, filed a formal complaint through the nonprofit organization, the Government Accountability Project. In this complaint, Borges claims that senior appointees from the Trump administration at the SSA, who were previously part of the DOGE team, executed the data copying in violation of various laws, rules, and regulations. He cites instances of abuse of authority, gross mismanagement, and a substantial threat to public health and safety.
According to Borges, career cybersecurity officials within the SSA have characterized the decision to copy this data as extremely high-risk. They even discussed the necessity of re-issuing Social Security numbers to millions of Americans should the cloud server be compromised. The copied data was reportedly transferred to a server that was integrated into the SSA's existing cloud infrastructure, managed by Amazon Web Services (AWS). However, the complaint argues that this server lacked the necessary security measures typically mandated by SSA protocols.
Andrea Meza, an attorney with the Government Accountability Project representing Borges, expressed serious concerns regarding the security vulnerabilities this situation creates for nearly every American's personal data. In a statement to NPR, the Social Security Administration asserted that their data remains secure, claiming that the information mentioned in the complaint resides in a longstanding environment that is isolated from the internet. They emphasized, "We are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data."
Borges' complaint adds to a growing list of instances where DOGE and Trump administration officials are accused of neglecting privacy protections surrounding sensitive personal information. The Trump administration has taken aggressive steps to consolidate personal data from various federal and state agencies, often citing efficiency, fraud prevention, and immigration enforcement as justifications for these actions.
In April, NPR reported another whistleblower incident involving DOGE officials who allegedly mishandled sensitive data from the National Labor Relations Board while attempting to conceal their actions. Additionally, SSA officials have been accused of using personal data to support unsubstantiated claims regarding voter fraud. Notably, a request for data access emerged in June, shortly after a U.S. Supreme Court ruling granted temporary access to sensitive SSA data for DOGE team members.
Borges' complaint details an incident on June 10, shortly after the Supreme Court ruling, when John Solly, a former DOGE employee at the SSA, requested a copy of the Numerical Identification System (NUMIDENT) database. This database serves as the master file containing all information submitted for Social Security card applications, including names, birth dates, citizenship status, and Social Security numbers. The requested action effectively created a copy of the database that would be accessible to former DOGE officials, raising significant security concerns.
Internal assessments from SSA's career cybersecurity officials indicated that unauthorized access to the NUMIDENT database could have catastrophic consequences for SSA beneficiaries and programs. Yet, despite these warnings, the data transfer reportedly occurred in late June, following approval from Michael Russo, another DOGE-affiliated official. Subsequently, Aram Moghaddassi, the SSA's chief information officer, who also has ties to DOGE, authorized a Provisional Authorization to Operate, allowing officials to utilize the copied data.
In its statement, the Social Security Administration reassured that the copied data remains within its secure environment, supervised by high-level career SSA officials with administrative access. The SSA maintains that oversight is managed by its Information Security team. However, the concerns raised by Borges and the ongoing scrutiny of data protection practices at the SSA highlight the urgent need for rigorous oversight to safeguard sensitive personal information for millions of Americans.
