A whistleblower complaint filed on Tuesday alleges that the Social Security Administration (SSA) uploaded a copy of all federal Social Security numbers and information to an unsecured server in June. The complaint, filed by Chief Data Officer Chuck Borges, claims that the live copy of the “entire country’s Social Security information” is now held in a “vulnerable cloud environment.”
Borges states that the database includes all data submitted through the application process for a United States Social Security card. This comprises applicants’ names, places and dates of birth, citizenship, race and ethnicity, parents’ names and social security numbers, phone numbers, and addresses.
“Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft and may lose vital healthcare and food benefits,” the complaint warns. An SSA spokesperson said that the agency stores all data in safe environments. “The data referenced in the complaint is stored in a long-standing environment used by SSA and walled off from the internet.
High-level career SSA officials have administrative access to this system with oversight by SSA’s Information Security team. We are not aware of any compromise to this environment,” the spokesperson said. Borges claims he raised concerns within the agency multiple times but has not seen any remedial action.
He previously held positions at the General Services Administration, the Office of Management and Budget, and the Centers for Disease Control. The complaint alleges that senior Trump appointees at the SSA, previously part of the Department of Government Efficiency (DOGE), made the copy.
Whistleblower complaint on data security
Cybersecurity officials within SSA described the decision as “very high risk,” noting concerns about potentially needing to reissue Social Security numbers if the data were compromised. Andrea Meza, an attorney representing Borges, indicated that the cloud environment was set up for DOGE-affiliated Social Security staffers and lacks independent security, monitoring, and oversight. The whistleblower complaint is the latest in a series of allegations regarding DOGE and Trump officials’ handling of sensitive personal information.
Officials have been accused of consolidating personal data from various agencies, sometimes for immigration enforcement, while neglecting privacy protections. In June, former DOGE employee John Solly requested a copy of SSA’s Numerical Identification System (NUMIDENT) database following a Supreme Court ruling. Internal SSA documents reveal concerns about the move.
“Unauthorized access to the NUMIDENT would be considered catastrophic,” stated a Risk Assessment Form from June 16. Despite these warnings, the data transfer proceeded in late June after approval by DOGE-affiliated officials. SSA’s chief information officer, Aram Moghaddassi, authorized the project, citing the business need as higher than the security risk.
While the SSA asserts that the data is secure, the whistleblower’s allegations spotlight potential vulnerabilities in how sensitive data is managed and safeguarded. The seriousness of these allegations has led to increased scrutiny and legal actions seeking to ensure such data is handled with the highest security standards.