Whistleblower: DOGE Leaked Social Security Data on Unsecured Server

A high-ranking official within the Social Security Administration has come forward as a whistleblower, alleging that a department known as DOGE uploaded hundreds of millions of Social Security records to an unsecured cloud server, potentially exposing the sensitive personal data of nearly every American citizen. The complaint raises urgent questions about data security and oversight within federal agencies.

Charles Borges, who serves as the agency’s chief data officer, filed a formal whistleblower complaint this week. He claims that senior officials approved the transfer of the country’s complete Social Security database, known as the Numerical Identification System, to a cloud environment that lacked proper security protocols. Borges had reportedly voiced strong objections to the move, warning that it bypassed standard oversight measures.

This database contains more than 450 million individual records, including full names, birthplaces, citizenship status, family members’ Social Security numbers, and a wealth of other confidential financial and personal details. According to the complaint, DOGE personnel, a group of former Elon Musk employees appointed to reduce government waste, copied this trove of information to an Amazon-hosted server that apparently did not include basic security controls like access monitoring or usage logs.

Such actions, the document asserts, violate both internal agency security policies and federal privacy laws. Borges emphasized that by granting DOGE administrative privileges over the cloud system, they could potentially create publicly accessible services, effectively opening the door to unauthorized exposure of the nation’s most sensitive identifying information.

The whistleblower warned that a breach could have devastating consequences, exposing health records, income data, banking information, and family relationships. He described a worst-case scenario in which the U.S. might be forced to reissue Social Security numbers to the entire population, a logistical and financial nightmare.

Earlier this year, a federal restraining order had temporarily barred DOGE from accessing Social Security databases. However, the Supreme Court overturned that order on June 6, clearing the path for the group to proceed. Shortly after, DOGE allegedly secured internal approval from top agency leaders.

Aram Moghaddassi, the agency’s chief information officer, approved the data transfer, stating that the “business need” outweighed the security risks and that he accepted full responsibility. Michael Russo, a senior DOGE operative and former CIO, also endorsed the move.

After raising concerns internally without adequate response, Borges turned to Congress through his attorney, Andrea Meza of the Government Accountability Project, urging immediate oversight to address what he called a grave threat to national data security.

This incident marks the latest in a series of cybersecurity controversies involving the current administration and its DOGE appointees, who have assumed broad control over federal datasets since January.

When contacted for comment, a White House spokesperson referred questions to the Social Security Administration. A spokesperson for the SSA, Nick Perrine, responded via email, stating that the agency stores personal data in “secure environments with robust safeguards” and that the data in question is held in a long-standing system isolated from the internet. He added that high-level career officials maintain administrative access under oversight from the information security team and that there is no evidence of any compromise.

While cloud-based data breaches at the federal level are uncommon, they are not unprecedented. Last year, a misconfiguration in a Microsoft Azure cloud environment used by the Department of Defense led to the public exposure of thousands of sensitive military emails.

(Source: TechCrunch)