DOGE Whistleblower Report Lambastes Risk Created by Live Copy of Social Security Data on Cloud Server

A testing copy of what is essentially all of the information available about American Social Security data has prompted a whistleblower report from the highest levels of the Social Security Administration, but as of yet there is no news of a data breach.

The whistleblower report instead alleges improper handling and unnecessary risk, and is part of an ongoing struggle between tenured federal employees and the “DOGE” accounting squad sent by President Trump to audit their departments. An SSA spokesperson said that the social security data was kept in a safe testing environment isolated from the internet, but other agency officials object to the fact that no one outside DOGE can oversee its security status or any record of who has accessed it.

Movement of US social security data was “odd,” but what is the actual risk?

The whistleblower report’s assessment of the worst case scenario would be the need to re-issue Social Security numbers to everyone in the US, something that would obviously be a massive and costly boondoggle. However, that would require evidence that a threat actor accessed the social security data. The report does not make any mention of this, and the SSA says that it has no indication that there has been any unauthorized access.

Members of DOGE copied a database called “NUMIDENT” in June to a private cloud testing environment while auditing social security recipients for potential fraud. This database contains all Social Security numbers presently issued and active along with associated personal information. While the move was formally approved, high-ranking members of the SSA headed by Chief Data Officer Charles Borges drew up the whistleblower report due to concerns that the approvals were given hastily and inappropriately and may have violated several federal statutes. It is not clear how long the social security data was in this test environment or if it is still there.

“Potential catastrophic impact” if social security data got out

While the leak of the full database of numbers would be bad enough, the loss of NUMIDENT would also expose a wide variety of information of great interest to scammers and fraudsters in connection with each number: date of birth, address and names of immediate family members in addition to other social security data.

The move of the data set to the DOGE test environment was approved by a CIO review, but the whistleblower report claims that recently-appointed SSA IT chief Aram Moghaddassi’s approval was rendered too hastily and without following all proper procedures. The issue is complicated by the fact that the social security data is flagged as “high risk” and “potential catastrophic impact” should it be compromised, and that Moghaddassi was very recently appointed to his position and had previously worked for DOGE and for Elon Musk at Neuralink.

The whistleblower report asserts that the hasty approval and the inability of SSA staff outside of DOGE to monitor the social security data may have violated multiple federal statutes including the Privacy Act and the Computer Fraud and Abuse Act.