A whistleblower complaint has raised serious concerns about the handling of personal data by the Department of Government Efficiency at the Social Security Administration (SSA). Charles Borges, the agency's chief data officer, alleges that sensitive information of over 300 million Americans was placed on a vulnerable cloud server in June. This data includes Social Security numbers, names, addresses, and other personal details.
Borges claims that the actions of several DOGE staffers violate laws and regulations, amounting to gross mismanagement and a significant threat to public safety. He specifically accuses SSA Chief Information Officer Aram Moghaddassi of creating a live copy of the Social Security database in a cloud environment that bypasses necessary oversight. This move allegedly contravenes multiple federal statutes.
The complaint details that the copied database, known as "Numident," contains critical information such as Social Security numbers and personal identifiers. Borges warns that if unauthorized individuals access this cloud environment, it could lead to widespread identity theft and loss of essential benefits for Americans. He stated, "Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital healthcare and food benefits, and the government may be responsible for re-issuing every American a new Social Security Number at great cost."
In March, DOGE staffers were reportedly granted excessive access to sensitive databases. Although a federal judge initially blocked this access, the Supreme Court later overturned that decision in June. Following this ruling, DOGE staff requested to transfer the SSA's Numident database to a private cloud server, which would only be accessible to DOGE personnel. Borges's complaint highlights that this transfer was made without adequate security measures, creating significant vulnerabilities.
An internal security assessment described the act of copying the database as "high-risk," noting that most security breaches occur in development environments due to reduced oversight. The assessment warned of a "catastrophic impact" on Social Security beneficiaries if the database were compromised. Moghaddassi reportedly acknowledged the risks in a memo, stating, "I have determined the business need is higher than the security risk associated with this implementation and I accept all risks."
In response to the allegations, SSA spokesperson Nick Perrine emphasized that the agency takes whistleblower complaints seriously. He stated that the data in question is "walled off from the internet" and accessible only to high-level officials with proper oversight. Perrine added, "We are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data."
As of late June, Borges noted that the SSA lacked verified audit or oversight mechanisms to monitor DOGE's access to sensitive data in the unsecured cloud environment. He has expressed a willingness to meet with Congress to discuss his concerns further. Andrea Meza, an attorney representing Borges, stated that her client is raising these alarms out of a sense of urgency and duty, emphasizing the importance of protecting the public's data.
The situation has drawn attention from lawmakers, with Senator Ron Wyden of Oregon criticizing the actions leading to this potential data breach. He remarked, "Be sure to thank Donald Trump, JD Vance and their stooges if your ID now gets stolen thanks to their stupidity."
The whistleblower complaint highlights ongoing concerns about data security and the management of sensitive information within federal agencies.