Employees at DOGE – the Trump administration effort initially led by billionaire Elon Musk that aimed to slash public employment while bringing high-tech efficiency to the federal government – uploaded a massive Social Security database to an unsecure server in June, according to a whistleblower complaint filed by Chuck Borges, the chief data officer at the Social Security Administration.
The database includes personal details on more than 300 million Americans, including everything in a standard Social Security file such as name, address, date of birth and Social Security number.
Borges did not say that the database had been compromised. But the complaint alleged that there are no “audit or oversight mechanisms” regulating the use of the file.
"Americans may be susceptible to widespread identity theft, may lose vital healthcare and food benefits, and the government may be responsible for re-issuing every American a new Social Security Number at great cost,” the complaint says.
Borges also said that DOGE employees may have violated federal laws that protect sensitive data.
A spokesperson for the Social Security Administration said the agency was taking the complaint seriously.
Rep. Richard Neal of Massachusetts, the senior Democrat on the House Ways and Means Committee, said that DOGE’s use of the database “is the danger we fear and warned of,” adding, “All oversight has been lost, all accountability gone.”
Richard Forno, an expert at the University of Maryland at Baltimore County Cybersecurity Institute, told The Washington Post that it looks like DOGE did not follow best practices in dealing with the data. “It’s a cybersecurity failure, it’s a management failure,” he said. “This is not supposed to happen in a properly functioning government bureaucracy.”