Former SSA Engineer Allegedly Exfiltrated Sensitive Data on Thumb Drive A whistleblower complaint, reported by The Washington Post, alleges that a former software engineer with the Department of Government Efficiency (DOGE) exfiltrated highly restricted Social Security Administration (SSA) databases onto a thumb drive. The SSA’s Office of Inspector General is investigating the incident, which raises concerns about insider threats, removable media controls, and the protection of sensitive federal data. The engineer, who worked with DOGE while embedded at the SSA, reportedly claimed to have taken two critical datasets the Numident and the Death Master File and intended to use the information at a new employer. The Numident is the SSA’s master record of Social Security numbers, containing names, birth details, citizenship status, and parental information, while the Death Master File includes records of deceased individuals, a dataset tightly controlled due to identity theft risks. If verified, the stolen material could involve data linked to over 500 million living and deceased individuals, amplifying risks of identity theft, credit fraud, tax refund fraud, and synthetic identity schemes. Insider threats remain a persistent challenge in cybersecurity, with privileged users often bypassing perimeter defenses. Removable media, such as thumb drives, further exacerbates the risk, as even robust endpoint detection can fail to prevent large-scale exfiltration without strict controls. Federal guidelines, including NIST SP 800-53, mandate least-privilege access, continuous monitoring, and restrictions on portable storage to mitigate such risks. The SSA’s investigation will likely examine access logs, removable media registries, and anomalous data transfers tied to the engineer. If violations are confirmed, potential legal consequences could include charges under the Privacy Act, Computer Fraud and Abuse Act, and theft of government records. Standard containment measures such as suspending credentials, forensic imaging of systems, and validating seized devices are expected. This incident follows broader controversies involving DOGE’s access to SSA systems, including previous allegations of improper data handling and unauthorized cloud uploads. A federal judge previously blocked DOGE from further SSA access, citing concerns over mission clarity and privileged access controls. Investigators are focusing on three key questions: what data was accessed, what was removed, and who else may have received it. Agencies handling SSA data are under pressure to demonstrate stronger controls over removable media, just-in-time privilege elevation, and real-time data loss prevention (DLP) for sensitive datasets. For affected individuals, credit freezes, tax transcript monitoring, and vigilance for benefits-related anomalies remain critical precautions.

Social Security Data Breach Exposes Personal Information of All Americans, Whistleblower Warns A former chief data officer at the Social Security Administration (SSA) has raised alarms over a potential national security disaster, alleging that the personal data of every American with a Social Security number past or present may have been exposed due to government mismanagement. Chuck Borges, who resigned from his position in August, filed a whistleblower complaint accusing the so-called Department of Government Efficiency (DOGE) of uploading a copy of the SSA’s database to an unsecured cloud environment. The exposed data reportedly includes names, Social Security numbers, and addresses, leaving millions vulnerable to fraud and identity theft. Borges described the breach as a "national-security disaster" with lifelong consequences for affected individuals. The incident has prompted calls for a congressional investigation into the handling of sensitive personal data by federal agencies. The allegations highlight critical gaps in oversight and security protocols within government systems, raising concerns about the protection of citizens' most sensitive information. No official response from the SSA or DOGE has been confirmed at this time.

Social Security Data Breach Exposes Personal Information of All Americans, Whistleblower Warns A former chief data officer at the Social Security Administration (SSA) has raised alarms over a potential national security disaster, alleging that the personal data of every American with a Social Security number past or present may have been compromised. Chuck Borges, who resigned in August, claims employees of the Department of Government Efficiency (DOGE) uploaded a copy of the SSA’s database to an unsecured cloud environment, leaving sensitive information including names, Social Security numbers, and addresses vulnerable to exploitation. Borges, now a whistleblower, has filed a complaint, asserting that the government’s mismanagement of this data poses a lifelong risk of fraud for millions. The breach, if confirmed, could have far-reaching consequences, exposing individuals to identity theft and financial harm. The incident has prompted calls for a congressional investigation into the handling of Americans’ private data. The SSA has not yet publicly addressed the allegations, but the claims underscore growing concerns over federal data security practices. The full scope of the breach and its potential impact remain under scrutiny.

Former DOGE Engineer Accused of Exfiltrating Sensitive Social Security Data The Social Security Administration’s (SSA) inspector general is investigating allegations that a former Defense Operational and Geospatial Engineering (DOGE) Service employee accessed and removed highly sensitive agency databases, potentially compromising the personal data of over 70 million Americans. According to sources familiar with the probe, the ex-engineer allegedly transferred the data onto a thumb drive before leaving the agency, raising concerns about an unprecedented breach of security protocols. The incident came to light after a whistleblower reported that the former employee claimed to have taken the information to share with a private employer. The SSA, headquartered in Woodlawn, Maryland, has not confirmed the authenticity of the data or the extent of the exposure. The investigation, which began in early 2026, remains ongoing as authorities assess the potential fallout of the alleged security lapse. The case underscores vulnerabilities in federal data protection measures, particularly at agencies handling vast repositories of personally identifiable information. No further details on the suspect or the private employer have been disclosed.