Department of Government Efficiency Staffers Created 'Live Replica' of SSA Data
The Trump administration's cost-cutting brigade created a live replica of Social Security data in a cloud system lying outside of federal oversight, a whistleblower said in a report released Tuesday.
The replica - containing sensitive data of more than 300 million Americans and created without authorization or monitoring from the Social Security Administration's infrastructure security team - was approved by DOGE-aligned officials embedded at the agency, said agency Chief Data Officer Charles Borges, who filed a complaint with Congress.
His disclosure deepens earlier reporting that DOGE, under Elon Musk's leadership, sought to build a "master database" in likely violation of federal privacy laws and data security regulations (see: Whistleblower Warns DOGE Secretly Building 'Master Database').
The Borges complaint alleges DOGE officials uploaded names, birthdates, addresses and Social Security numbers to an unsecured cloud system while bypassing internal protocol, ignoring court orders and sidelining career civil servants. Cybersecurity experts warned that circumventing oversight, skipping risk assessments and placing high-value data in an unmonitored environment could trigger massive breaches and damage public trust in the federal government's ability to safeguard personal information.
"Prior to this administration, I would have said it would have been very unusual for a unit like DOGE to override a career security official for these purposes," Michael Daniel, president of the nonpartisan Cyber Threat Alliance, told Information Security Media Group. "But it appears to have become much more common."
The complaint, filed by the Government Accountability Project on behalf of Borges, says the Social Security Administration's chief data officer recently learned of "serious data security lapses" orchestrated by DOGE officials. It outlines systemic security failures, unrestricted administrative access to sensitive production systems and possible violations of internal protocols and federal privacy laws.
Former SSA Acting Commissioner Michelle King stepped down in February after refusing to release a massive trove of protected data to DOGE, including records that may have contained addresses, bank details, medical histories and income and employment information. Despite her pushback, reports at the time indicated DOGE staff had read-access to SSA systems by March, allowing them to quietly copy sensitive data for potentially unauthorized use (see: DOGE's Nine Worst Cybersecurity Failures Under Elon Musk).
The cloud environment DOGE created is a live copy of the SSA's Numerical Identification System database, or NUMIDENT, which "contains all data submitted in an application for a United States Social Security card," according to the complaint. Borges did not report any cloud system breaches. The filing cautions that bad actors could exploit a vulnerability in the system to commit identity theft, cut off access to healthcare and food benefits and potentially force the government to re-issue Social Security numbers.
The report says Borges, a career civil servant and veteran who spent the past decade working across federal agencies on IT, data architecture and security, raised concerns internally with the chief information officer's office. A lawsuit led to a temporary restraining order blocking DOGE access, though DOGE affiliates were still granted improper and excessive access to multiple databases starting around March 14, according to the complaint.
"If this information were to be compromised, it is possible that the sensitive [personally identifiable information] on every American including health diagnoses, income levels and banking information, family relationships and personal biographic data could be exposed publicly and shared widely," the complaint says.