A whistleblower has come forward with alarming allegations about the handling of sensitive Social Security data by members of the Department of Government Efficiency (DOGE). Charles Borges, the chief data officer at the Social Security Administration (SSA), filed a complaint through the Government Accountability Project, a nonprofit organization. According to Borges, DOGE officials copied the entire Social Security database, containing personal information of over 300 million Americans, to a vulnerable cloud server.
This database, known as NUMIDENT, includes full names, addresses, birth dates, and other details that could be used for identity theft. Borges claims that the data transfer was orchestrated by senior Trump appointees at the SSA who were recently part of the DOGE team. He alleges that this action violated laws and regulations, constituting gross mismanagement and posing a significant threat to public safety.
The complaint states that the copied data was stored on an internal agency server accessible only to DOGE, bypassing the independent security monitoring typically required for such sensitive information.
Data mishandling jeopardizes public safety
As of late June, there were reportedly no verified audit or oversight mechanisms in place to monitor how DOGE was using the data or whether it was being shared outside the agency.
Career cybersecurity officials at the SSA had described the decision to copy the data as “very high risk,” warning of a “catastrophic impact” on Social Security beneficiaries and programs if the database were to be compromised. They even discussed the possibility of having to reissue Social Security numbers to millions of people if the cloud server were breached. Despite these warnings, the data transfer was authorized by DOGE-affiliated officials, including Aram Moghaddassi, who stated, “I have determined the business need is higher than the security risk associated with this implementation and I accept all risks associated with this implementation and operation.”
The SSA has responded to the allegations, maintaining that its data remains secure and is stored in a long-standing environment used by the agency, walled off from the internet.
They stated, “We are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data.”
This whistleblower complaint is the latest in a series of accusations against DOGE and Trump officials for disregarding privacy protections. The Trump administration has faced criticism for consolidating personal information held by various federal and state agencies, sometimes citing efforts to combat fraud or improve efficiency. Borges’s disclosure highlights the ongoing concerns about data security within government agencies and the potential risks associated with the mishandling of sensitive information.
The complaint urges Congress to investigate the matter and ensure that proper safeguards are in place to protect Americans’ personal data.