Social Security Whistleblower Warns of DOGE Data Risk to 300M Americans
Department of Government Efficiency (DOGE) activities at the Social Security Administration (SSA) involved data security lapses that risk the exposure of more than 300 million Americans’ social security information, alleged a protected whistleblower Tuesday. SSA denied that its handling of the data put citizens at risk, however.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
SSA Chief Data Officer (CDO) Chuck Borges disclosed reports that DOGE employees “created a live copy of the country’s Social Security information in a cloud environment that circumvents oversight,” which could lead to widespread identity theft and other harms if accessed by bad actors, said a Tuesday release by the Government Accountability Project.
Recently, Borges “has become aware through reports to him of serious data security lapses, evidently orchestrated by DOGE officials, currently employed as SSA employees, that risk the security of over 300 million Americans' Social Security data,” a letter to senior congressional members said. The “disclosures involve wrongdoing including apparent systemic data security violations, uninhibited administrative access to highly sensitive production environments, and potential violations of internal SSA security protocols and federal privacy laws by [specific] DOGE personnel.”
A lawsuit and motion for a temporary restraining order (TRO) to block DOGE's access to sensitive were filed in February and March, respectively, in the U.S. District Court for Maryland (docket 1:25-cv-00596). District Judge Ellen Lipton Hollander granted the TRO on March 20, temporarily blocking DOGE's access.
In June, however, the U.S. Supreme Court ruled DOGE could have unfettered access to SSA data to do its work, which Justice Ketanji Brown Jackson said in her dissent was a “grave privacy risk for millions” (see 2506090052).
A spokesperson for the Social Security Administration, in an email to Privacy Daily, said, “SSA stores all personal data in secure environments that have robust safeguards in place to protect vital information,” and “the data referenced in the complaint is stored in a long-standing environment used by SSA and walled off from the internet.” The spokesperson added that “high-level career SSA officials have administrative access to this system with oversight by SSA’s Information Security team. We are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data.”
In addition, the spokesperson said the administration and Commissioner Frank Bisignano “take all whistleblower complaints seriously.”
According to the Government Accountability Project’s press release, however, Borges internally disclosed to his superiors reservations about DOGE’s actions, as they pose a threat to the public and may also violate the law. One of his superiors noted that the SSA could have to re-issue Social Security numbers to everyone in response to the risk, it added.
“Borges raised concerns to his supervisors about his discovery of a disturbing pattern of questionable and risky security access and administrative misconduct that impacts some of the public’s most sensitive data,” said Andrea Meza, director of campaigns for the Government Accountability Project and attorney for Borges, in Tuesday’s release. “Out of a sense of urgency and duty to the American public, he is now raising the alarm to Congress and the Office of Special Counsel, urging them to engage in immediate oversight to address these serious concerns.”
His “bravery in coming forward to protect the American public’s data is an important step towards mitigating the risks before it is too late,” Meza added.