Whistleblower claims DOGE uploaded Social Security data to unsecure cloud server

The Social Security Administration’s (SSA) chief data officer, Charles Borges, has filed a whistleblower complaint alleging that members of the Department of Government Efficiency (DOGE) uploaded a copy of a key Social Security database to an unsecured cloud environment in June, the New York Times reported. This may have exposed the personal information of hundreds of millions of Americans. The complaint alleges that under the authority of the SSA’s Chief Information Officer, Aram Moghaddassi, a copy of the country’s Social Security information was held in a cloud environment that lacked any security oversight or adherence to SSA security protocols. The information uploaded was from the Numerical Identification System (Numident) database, and includes the names, Social Security numbers, place and date of birth, citizenship, race, ethnicity, address and even parents’ names of anyone who has ever had a Social Security number, even those who are no longer alive.

 “Mr. Borges has raised concerns internally with various authorities in the Chief Information Officer’s (CIO) office and to date has not been made aware of any remedial action. He therefore elevates his concerns out of a sense of urgency and duty to the American public,” the  complaint states. “Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital health care and food benefits, and the government may be responsible for reissuing every American a new Social Security number at great cost.” 

The approvals to copy the Numident database were, despite the enormous risk of that information falling into the wrong hands, approved expeditiously, according to the complaint. “I have determined the business need is higher than the security risk associated with this implementation and I accept all risks,” Moghaddassi wrote in a memo. Another senior DOGE official, Michael Russo, is alleged to have signed off on the decision in under half an hour. Before accepting his position as CIO, Moghaddassi worked for then-de facto DOGE boss Elon Musk at both Neuralink and X.

In a statement to the New York Times, SSA spokesperson Nick Perrine said the agency was “not aware of any compromise to this environment” and that “the data referenced in the complaint is stored in a longstanding environment used by S.S.A. and walled off from the internet.”

That DOGE should have access to sensitive data in the first place was the subject of tension within the federal government earlier this year. Several lawsuits attempted to block DOGE from accessing SSA, Treasury and Office of Personnel Management data. Via the so-called shadow docket, the Supreme Court struck down a Fourth Circuit injunction preventing the agency from siphoning SSA data in June. Among his other allegations, Borges claims DOGE regained access to the data during the injunction period.