日本語
한국어
Tiếng Việt
简体中文
A high-ranking official within the Social Security Administration (SSA) has come forward with alarming allegations, claiming that the Department of Government Efficiency (DOGE) imperiled the sensitive personal information of over 300 million Americans by uploading it to an unsecured cloud server.
Charles Borges, the SSA’s Chief Data Officer (CDO), filed a protected whistleblower disclosure with the Office of Special Counsel. His attorneys assert that DOGE employees, without proper authorization from Borges, copied vast amounts of Social Security data into a vulnerable cloud environment. This compromised data reportedly includes names, familial relationships, birthplaces, birthdays, racial information, citizenship status, phone numbers, and other deeply personal details.
The whistleblower complaint underscores the catastrophic potential of such an exposure: “it is possible that the sensitive PII [personally identifiable information] on every American, including health diagnoses, income levels, and banking information, family relationships, and personal biographic data, could be exposed publicly, and shared widely.” This paints a stark picture of a nationwide privacy crisis.
DOGE’s Persistent Pursuit of SSA Data
Since its inception in January 2025, DOGE has repeatedly attempted to access Social Security information. These persistent efforts culminated in a lawsuit in late February, leading to a Temporary Restraining Order (TRO) and subsequently a Preliminary Injunction (PI). Both legal mandates explicitly prohibited DOGE from accessing PII copied from SSA records and from obtaining information without due clearance and approval. Despite these injunctions, which a PI eventually mirrored and was in effect until stayed by the Supreme Court in June, Borges alleges that DOGE consistently flouted the court orders.
According to Borges, DOGE officials allegedly reinstated data access within 24 hours of a court-ordered revocation on March 20th. Shockingly, he claims this restored access was even broader than what existed before the TRO. Although the Office of Information Security (OIS) again revoked DOGE employees’ access on March 24th, the disclosure does not confirm DOGE’s compliance.
Circumventing Security for a “Master Database”
The most egregious breach, Borges alleges, occurred after the Supreme Court stayed the PI in June. DOGE then purportedly granted itself authority, entirely bypassing SSA officials and oversight, to access and copy the entirety of the SSA’s data on the American public. Their target was the SSA’s Numerical Identification System (NUMIDENT), a comprehensive database containing “all information submitted in an application for a United States Social Security card,” essentially holding personal details for every single U.S. citizen.
When the OIS denied DOGE access to transfer NUMIDENT data into an insecure live cloud environment, DOGE allegedly circumvented this denial. They reportedly sought and received approval from Michael Russo, an SSA official affiliated with DOGE. Further, high-risk data transfer policies requiring Chief Information Officer (CIO) approval were allegedly bypassed or ignored. Aram Moghaddassi, a recent hire also affiliated with DOGE, authorized the NUMIDENT copy, stating, “I have determined the business need is higher than the security risk…” Critically, Borges, as the Chief Data Officer responsible for SSA data integrity, was neither consulted nor granted access to this new, unmonitored server.
Borges’ complaint emphasizes the profound dangers of such a massive data transfer without “verified audit or oversight mechanisms” or “independent security controls,” including tracking who accesses the data and how it’s used. This lack of accountability creates fertile ground for cyber-crimes, identity theft, and highly sophisticated surveillance and misinformation campaigns by malicious actors.
The true motive behind DOGE’s relentless pursuit of SSA data remains a central concern. An anonymous whistleblower in April alleged to the Committee on Oversight and Government Reform Democratic staff that DOGE was seeking this data to potentially disrupt Social Security payments, overhaul SSA IT systems, and establish a cross-agency “Master Database.” This proposed database would consolidate sensitive information from various agencies, including the Internal Revenue Service (IRS) and the Department of Health and Human Services (HHS), posing an unprecedented threat to individual privacy and potentially violating federal law.
Protecting Public Data: A Call for Accountability
“Without whistleblowers like Borges, the American public might have continued unaware of these new vulnerabilities. The systems we trust to govern and protect us have begun to use our personal, private data as leverage. American citizens should be rightfully enraged at this misuse of data,” stated the National Whistleblower Center, a prominent advocacy group.
Andrea Meza, Director of Campaigns for the Government Accountability Project, commended Borges: “Mr. Borges’ bravery in coming forward to protect the American public’s data is an important step towards mitigating the risks before it is too late.” This critical disclosure highlights the urgent need for stringent data protection, government transparency, and robust whistleblower safeguards to prevent a privacy catastrophe for millions of Americans.