Social Security Official Says DOGE Compromised Americans’ Data

The Washington Post

16:22 JST, August 27, 2025

The U.S. DOGE Service uploaded a copy of Americans’ Social Security data to the digital cloud, risking the security of critical personal information for more than 300 million people, a whistleblower in the agency alleged.

Chief Data Officer Charles Borges raised concerns that DOGE staffers bypassed safeguards, circumvented a court order and created a copy of the Social Security Administration’s entire collection of data on the U.S. public on the cloud. Borges said the SSA had no oversight of who had access to the file.

Borges did not allege that the cloud had been hacked or compromised but warned that hosting a copy of one of the government’s most sensitive datasets on a cloud without security controls substantially threatened the safety of Americans’ information. The data includes people’s names, birth dates and other information that could be used to steal their identities. The cloud is an online storage space via a server or network of servers.

Borges’s concerns were first reported by the New York Times.

DOGE’s access to Social Security data has been a point of controversy since Elon Musk’s group of young technologists first gained access to the agency, leading to internal clashes, The Washington Post has previously reported.

SSA spokesman Nick Perrine said the agency was “not aware of any compromise” to the storage of Americans’ Social Security information.

“Commissioner [Frank] Bisignano and the Social Security Administration take all whistleblower complaints seriously,” Perrine said in a statement. “SSA stores all personal data in secure environments that have robust safeguards in place to protect vital information. The data referenced in the complaint is stored in a long-standing environment used by SSA and walled off from the internet. High-level career SSA officials have administrative access to this system with oversight by SSA’s Information Security team.”

The White House referred The Post to the Social Security Administration for comment.

The disclosure was sent to the Office of Special Counsel, which investigates whistleblower complaints, as well as the leadership of several House and Senate committees.

The Office of Special Counsel does not confirm or deny disclosures filed with the independent watchdog, spokeswoman Corey Williams said.

A spokesperson for Sen. Rand Paul (R-Kentucky), chairman of the Senate Homeland Security and Governmental Affairs Committee, confirmed receipt of a whistleblower disclosure and said it was under review, declining to comment further. Republican leaders of other committees that received the disclosure did not immediately respond to requests for comment.

Democrats, who have warned about DOGE endangering Americans’ data security, said this disclosure reaffirmed their concerns.

“Today’s whistleblower report confirms what we’ve been warning for months: DOGE is putting Social Security checks, health records and the personal data of millions of Americans at risk,” said Sara Guerrero, a spokeswoman for House Oversight Democrats.

House Ways and Means ranking Democrat Richard E. Neal (Massachusetts), who has expressed concern about DOGE’s impact on Americans’ data safety, called for further investigation.

“This is the danger we feared and warned of – a credible whistleblower report of the Trump Administration recklessly making vulnerable the personal data of over 300 million Americans, by copying their Social Security data from sanctioned, safe databases to an unprotected cloud environment,” Neal said in a statement.

Richard Forno, associate director at the University of Maryland at Baltimore County Cybersecurity Institute, said it appeared that DOGE did not follow cybersecurity best practices, which include confirming who might have access to the sensitive data once it was moved.

“It’s a cybersecurity failure, it’s a management failure,” Forno said. “This is not supposed to happen in a properly functioning government bureaucracy.”

The disclosure marks the latest escalation in a conflict over the safety of personal data since DOGE arrived at Social Security. For months, DOGE had sought access to records to search for evidence of widespread fraud in payments to millions of retirees and disabled people. DOGE leaders wanted to build a single centralized database, The Post previously reported, despite concerns from government workers.

In February, the acting SSA commissioner at the time, Michelle King, left her job after a disagreement over DOGE’s attempts to gain access to sensitive records.

Also that month, retirees and unions brought a lawsuit over DOGE’s unauthorized access to personal data. A federal judge temporarily blocked DOGE from accessing the SSA’s critical data in March, but in June, the Supreme Court cleared the way for DOGE to gain access to the data amid ongoing litigation.

Borges, who became the agency’s chief data officer days after Trump’s inauguration, disclosed that DOGE members had gained access to some databases containing sensitive data in March before the court order blocking their access went into effect. Although access was revoked following the court order, Borges said he later learned that DOGE representatives immediately requested access to data, which they were given.

After the Supreme Court decision in June, DOGE created the copy of the agency’s most critical database of millions of Americans’ personal information to put in the digital cloud within the agency’s Amazon Web Services system.

In internal emails cited in the disclosure, which The Post reviewed, officials in the agency discussed how to make sure the data could be moved safely. A risk assessment stated that unauthorized access to the data would have a “catastrophic impact to SSA beneficiaries and SSA programs.”

Before transferring the data, officials said the chief information officer needed to sign off. The official, Michael Russo, a political appointee aligned with DOGE, authorized the transfer of the data June 25, according to an email.

“Mr. Borges reasonably believes that this approval constitutes gross mismanagement, abuse of authority, violation of law, and substantial and specific threat to public health and safety,” his attorneys wrote.

Russo did not immediately respond to The Post about the disclosure.

Borges – who served for over two decades in the U.S. Navy and has worked in the General Services Administration, the Office of Management and Budget and the Centers for Disease Control and Prevention – oversees data access at the agency. Yet, the disclosure letter states he learned about the data transfer after the fact from workers in the agency reporting to him.

Borges warned that the most severe consequence of a security violation with this data could be the reissuing of millions of Social Security numbers, a concern he raised to his superiors, his lawyers said. Borges had warned others in the agency’s leadership before bringing his concerns to watchdogs.

“He would not risk his career and the job that he is very passionate about if he did not think that this was a huge security risk for the American public,” Borges’s attorney Andrea Meza told The Post.