A whistleblower report submitted to Congress and the Office of Special Counsel claims that DOGE employees uploaded a very sensitive Social Security Administration (SSA) database to a vulnerable cloud server while auditing the agency, one that contains Social Security numbers for 300 million Americans as well as associated identity information.
The whistleblower report was filed by Chuck Borges, chief data officer at the SSA. The complaint does not assert that the DOGE database copy was exposed to the open internet or to any known threats, but that it was kept outside of the agency’s usual oversight and tracking mechanisms and thus may have violated federal statutes for the handling of sensitive personal data.
“Live” social security data transferred to DOGE cloud without proper procedure, whistleblower report asserts
The whistleblower report asserts that in June of this year, the DOGE team requested transfer of the entire set of US social security data to a virtual private cloud environment for testing. This Numerical Identification System (NUMIDENT) dataset includes all Social Security numbers issued as well as associated names, dates of birth, addresses, citizenship status, and family member names along with other points of information.
The complaint notes that such a request is “odd but not unheard of,” with the SSA strongly discouraging the movement of NUMIDENT to test environments but not outright forbidding it. The request was assessed as “high risk” due to “potential catastrophic impact” to social security beneficiaries and programs should unauthorized parties access the data set, and was subject to a CIO review and approval process that the whistleblower report claims was “gross(ly) mismanaged.”
In late June the DOGE cloud environment was found to have no means for the SSA’s Division of Infrastructure Services (DIS) to oversee or audit the DOGE cloud environment, cutting Borges and all other staff outside of DOGE from visibility into security status or who might have access to the social security data. The whistleblower report asserts that this potentially violated multiple federal statutes including the Privacy Act and the Computer Fraud and Abuse Act.
Much of the whistleblower report centers on the fact that SSA IT chief Aram Moghaddassi was the central approval authority for the copying of the social security data. Moghaddassi is a former employee of Elon Musk’s Neuralink and prior DOGE member who was appointed to the role in June of this year shortly ahead of the incident, and that his approval circumvented independent security monitoring and required risk mitigation practices.
Is America’s social security data safe?
The whistleblower report notes that the “worst case outcome” would be a necessary re-issuance of Social Security numbers to all Americans, should it be discovered that parties other than the DOGE auditors accessed the NUMIDENT social security data. However, the report does not note any indication of that having happened. SSA agency spokesperson Nick Perrine responded to the whistleblower report by claiming that DOGE moved the social security data to a “long-standing” test environment that is walled off from the internet and overseen by SSA’s Information Security team.
There is nevertheless legitimate concern that the status of the social security data cannot be tracked outside of DOGE, given the massive damage that could be caused should it fall into the hands of outside parties. It is unclear for how long the data set was in the test environment or if it remains there.
One comparable breach of social security data has previously taken place: the 2017 Equifax breach, which involved the exposure of over 145 million Social Security numbers along with similar personal and contact information. That did not prompt a mass re-issuance of numbers, and Equifax ultimately paid only about $700 million in fines and costs as part of a 2019 settlement with the FTC. That breach was thought to be the work of Chinese state-sponsored hackers and four members of the People’s Liberation Army (PLA) were indicted by the FBI in 2020; the Chinese government has denied involvement.
Contrast that to a recent string of large data breaches in Australia that prompted millions of individuals to request that their drivers licence and passport numbers be changed for security’s sake. This put them through a sometimes confusing maze of differing territory rules, though in some cases simply documenting the possibility of fraud was sufficient. US citizens can potentially request that their Social Security numbers be changed, but the bar is generally higher requiring repeated or ongoing documented attempts at identity fraud or harassment and endangerment of life.
The suspected Chinese theft of social security data did not spark a massive wave of identity fraud, as it is largely speculated that the government is sitting on the stolen trove for its own potential uses. Ryan Sherstobitoff, Field Chief Threat Intelligence Officer at SecurityScorecard, notes that the situation would be very different should it be revealed that a for-profit threat actor had accessed this information: “If confirmed, exposure of a live Social Security database could enable mass identity theft, large-scale fraud against Social Security benefits, and force the costly, complex reissuance of Social Security numbers, creating both financial harm to individuals and systemic disruption to government operations. The scale and sensitivity of this data make it one of the most critical assets managed by the federal government, underscoring the importance of maintaining strong safeguards at every stage of its handling. This incident highlights the urgent need for continuous oversight, clear governance, and rigorous access controls in how sensitive data is managed and shared, especially when cloud infrastructure or third-party systems are involved. Episodic audits and fragmented responsibilities are no match for today’s threats. Security must be thoughtfully integrated throughout the data lifecycle, supported by real-time visibility, strong accountability structures, and a shared commitment to safeguarding public information.”
Mayank Kumar, Founding AI Engineer at DeepTempo, expands on the technical concerns raised by the whistleblower report: “The primary risk here is that NUMIDENT becomes a high-value single point of compromise. A “live” copy means transactional data is continuously updated, which increases the attack surface compared to a static archival dataset. Without independent controls such as hardware-backed key management, out-of-band monitoring, or secondary enforcement layers, compromise of the primary system effectively yields unrestricted access. This is especially concerning given modern offensive tradecraft. Autonomous or semi-autonomous AI agents can stage operations that deliberately suppress low-priority telemetry while siphoning data in distributed micro-transfers to evade anomaly thresholds. NUMIDENT in this posture would not just be vulnerable to bulk exfiltration. It would be susceptible to stealth campaigns that degrade confidence in the integrity of the dataset, which could be more damaging than outright theft.”
“A breach of NUMIDENT would enable the creation of synthetic identities on an industrial scale. LLM-augmented toolchains can already automate the packaging of stolen data into validated identity profiles, bypassing traditional anti-fraud controls. Reissuing SSNs would require rewriting validation logic across the entire U.S. financial, healthcare, and benefits ecosystems. That process would likely span years, during which adversaries would continue exploiting the original dataset. The whistleblower is not exaggerating the severity; the systemic dependencies on SSNs make a reissue scenario catastrophic yet plausible. While the SSA assures of “robust safeguards”, within the security community, such assurances will be interpreted as signaling reliance on legacy defenses rather than adaptive countermeasures. “Robust” typically refers to access controls, encryption at rest, and firewall segmentation. These measures are necessary but insufficient against modern adversaries. The public may accept these statements temporarily, but expert communities will demand specifics around telemetry coverage, supply chain integrity of cloud components, and zero-trust enforcement across NUMIDENT access pathways,” added Kumar.

