A whistleblower, former SSA Chief Data Officer Charles Borges, alleged that the DOGE (a Trump-era cost-cutting unit) created an unauthorized, unsecured copy of the Numident database—a critical repository containing records of every individual who has ever applied for a U.S. Social Security Number. The duplicate was reportedly hosted in a cloud environment outside SSA’s control, managed by DOGE employees rather than SSA’s authorized administrators, violating security protocols. While the SSA denied any breach of the original Numident database, it avoided addressing the existence or security of the duplicate copy, raising concerns about potential exposure of highly sensitive personal data (e.g., SSNs, identities, and historical records) of millions of Americans. The lack of transparency, combined with allegations of retaliation against the whistleblower and the SSA’s refusal to directly confirm or deny the copy’s security status, suggests a high-risk scenario of unauthorized data replication and potential future exploitation—especially given the database’s role in national identity verification and financial systems. The incident also highlights governance failures, as DOGE operates without congressional oversight, increasing the risk of misuse or further unauthorized access.

Massive SSA Data Breach Under Investigation Following Whistleblower Allegations The Social Security Administration’s (SSA) Office of the Inspector General (OIG) is investigating a whistleblower complaint alleging that a former employee of the Trump administration’s now-defunct Department of Government Efficiency (DOGE) misused highly sensitive personal data belonging to over 500 million Americans both living and deceased. According to a document obtained by HuffPost, the SSA OIG notified key congressional leaders last week that it had launched an inquiry after receiving an anonymous complaint about the "potential misuse of SSA data" by the ex-DOGE employee. The Washington Post, which reviewed the complaint and spoke with the whistleblower, reported that the individual a former DOGE software engineer claimed to have accessed two critical SSA databases containing Social Security numbers, birthdates, citizenship status, parents’ names, and other personal details. The whistleblower alleged that the ex-employee planned to transfer the data to his personal computer via a thumb drive, intending to "sanitize" it before sharing it with his new private-sector employer. The engineer reportedly told a colleague he believed former President Trump would pardon him if caught. Sen. Ron Wyden (D-Ore.), one of the lawmakers briefed on the complaint, called the allegations "one of the largest known data breaches in American history," suggesting the data was intended for political exploitation. Rep. Robert Garcia (D-Calif.) raised additional concerns, warning that the ex-employee may have retained remote access to edit or manipulate SSA data. This incident is the latest in a series of security failures tied to DOGE, a cost-cutting initiative led by Elon Musk under the Trump administration. In January, the administration admitted in court that DOGE staffers had unauthorized access to SSA data and may have shared it externally. A separate whistleblower complaint in August, filed by SSA’s chief data officer, alleged that DOGE employees recklessly copied the agency’s most sensitive database and stored it insecurely on a cloud server an investigation that remains ongoing.