DOGE Exposes Social Security Data in Major Cloud Security Breach
▼ Summary
– A whistleblower alleges that DOGE officials created an unauthorized live copy of the Social Security database in a cloud environment, circumventing oversight.
– The Government Accountability Project, representing SSA Chief Data Officer Chuck Borges, reported these security lapses to Congress and the US Office of Special Counsel.
– This copy contains sensitive personal data from the NUMIDENT database, including names, birth details, and Social Security numbers of over 300 million Americans.
– If breached, this data could lead to widespread identity theft, loss of benefits, and costly re-issuance of Social Security numbers.
– The SSA denies storing data insecurely and states it is unaware of any compromise.
A significant cloud security incident has placed the personal data of millions at risk, following allegations that officials within the Social Security Administration created an unauthorized live copy of the national Social Security database. This breach of protocol reportedly occurred in a cloud environment that bypassed standard oversight mechanisms, raising serious concerns about data integrity and public safety.
According to a whistleblower disclosure represented by the Government Accountability Project, Chuck Borges, the SSA’s Chief Data Officer, learned of major security lapses orchestrated by DOGE personnel, current SSA employees. These actions allegedly exposed the sensitive information of more than 300 million Americans. The disclosure was formally communicated to Congress and the U.S. Office of Special Counsel, highlighting the gravity of the situation.
While DOGE had previously been granted access to Social Security records for fraud detection purposes, the creation of a full live replica of the SSA database had not been disclosed before. The letter asserts that these activities were carried out under the direction of SSA Chief Information Officer Aram Moghaddassi, in direct violation of the agency’s established security policies.
The risks associated with this unauthorized copy are profound. The cloud environment in question hosts a real-time duplicate of the Numerical Identification System (NUMIDENT), which holds comprehensive personal data submitted with every Social Security card application. This includes names, birth details, citizenship status, parental information, addresses, and Social Security numbers. Because the copy allegedly lacks proper security controls or access monitoring, malicious actors could exploit this vulnerability to commit identity theft on an unprecedented scale. Victims might face loss of healthcare and nutritional benefits, and the government could incur enormous costs reissuing Social Security numbers nationwide.
In response to these allegations, the SSA issued a statement denying that any data was stored in an insecure manner and maintained that no compromise of information has occurred. The agency continues to assert that its systems remain protected, despite the detailed claims presented in the whistleblower’s disclosure.
(Source: Ars Technica)
