The Department of Government Efficiency (DOGE) has come under fire following a serious whistleblower complaint revealing that the personal data of millions of Americans, including sensitive Social Security numbers, was stored on a vulnerable server. This alarming situation dates back to June, and it was brought to light by Charles Borges, the chief data officer for the Social Security Administration (SSA).
Borges' complaint alleges that the actions of multiple DOGE staff members represent significant violations of laws, rules, and regulations. He describes these actions as an "abuse of authority, gross mismanagement, and the creation of a substantial and specific threat to public health and safety." Notably, Borges accuses SSA Chief Information Officer Aram Moghaddassi, who has ties to Elon Musk, of circumventing agency policies by attempting to create a live copy of the country's Social Security information in a cloud environment devoid of proper oversight.
The whistleblower complaint claims that the database contains identifying information for over 300 million Americans, including records of all issued Social Security numbers and sensitive application details. This makes it a prime target for malicious actors looking to exploit such valuable data. Borges warns that if unauthorized individuals gain access to this cloud environment, it could lead to widespread identity theft, loss of essential healthcare and food benefits, and the costly re-issuing of new Social Security numbers for every American.
According to the complaint, DOGE staff were granted "improper and excessive access" to sensitive databases as early as March. Although a federal judge initially blocked their access to SSA data, the Supreme Court overturned this ruling in June. Following this decision, DOGE personnel requested to migrate the SSA's database, known as Numident, to a private cloud server that would only be accessible to DOGE staff without independent security measures or oversight. This move is considered a severe violation of laws and has created significant vulnerabilities.
The complaint cites an official agency security assessment that labeled the act of copying the database to a cloud server as "high-risk." The assessment warned that the majority of security breaches occur in development environments due to reduced control measures. It cautioned that any breach of this database could have a "catastrophic impact" on Social Security beneficiaries and programs.
Moghaddassi reportedly acknowledged the risks involved in a memo dated July 15, stating, "I have determined the business need is higher than the security risk associated with this implementation and I accept all risks." In response to the allegations, SSA spokesperson Nick Perrine emphasized that the agency takes all whistleblower complaints seriously and stated that the data in question is protected from internet access and monitored by high-level career officials.
However, Borges contends that as of late June, the SSA had "no verified audit or oversight mechanisms" in place to monitor DOGE’s access to sensitive data stored in the unsecured cloud environment. In a statement reflecting on the situation, Senator Ron Wyden of Oregon criticized the administration, urging citizens to hold accountable those responsible for this potential breach of privacy.
Borges has expressed his willingness to meet with members of Congress to further discuss the implications of his disclosures. Andrea Meza, Borges' attorney from the Government Accountability Project, remarked that her client is raising the alarm due to a "sense of urgency and duty," especially since his internal concerns have gone unaddressed. Meza praised Borges' bravery in stepping forward to protect the American public's data as a vital step towards mitigating risks before it becomes too late.
