Trump admin says Social Security database wasn’t “leaked, hacked, or shared”

The Trump administration yesterday issued a lengthier denial of a whistleblower's allegation that DOGE officials at the Social Security Administration (SSA) copied the agency's database to an insecure cloud system. The allegation centers on the Numerical Identification System (NUMIDENT) database containing Americans' personally identifiable information. The cloud location described by the whistleblower report "is actually a secured server in the agency's cloud infrastructure which historically has housed this data and is continuously monitored and overseen—SSA's standard practice," said a letter sent yesterday to Senate Finance Committee Chairman Mike Crapo (R-Idaho). The letter was sent by SSA Commissioner Frank Bisignano, a Trump appointee who was previously CEO of the financial technology company Fiserv. It came in response to Crapo's request for information. "I can confirm, based on the agency's thorough review, that neither the Numident database nor any of its data has been accessed, leaked, hacked, or shared in any unauthorized fashion," Bisignano wrote. "SSA continuously monitors its systems for any signs of unauthorized access or data compromise, and we have not detected any such incidents involving the Numident database." SSA defends security controls As we reported last month, then-SSA Chief Data Officer Chuck Borges alleged that DOGE officials created "a live copy of the country's Social Security information in a cloud environment that circumvents oversight." The nonprofit Government Accountability Project, which represents Borges, told members of Congress and the US Office of Special Counsel that the "vulnerable cloud environment is effectively a live copy of the entire country's Social Security information from the Numerical Identification System (NUMIDENT) database, that apparently lacks any security oversight from SSA or tracking to determine who is accessing or has accessed the copy of this data." Bisignano's letter yesterday said the SSA has been storing personally identifiable information in Amazon Web Services (AWS) for nearly 10 years. "SSA never transferred the Numident database to a private cloud server within SSA's AWS cloud. SSA does not have a private cloud within its secure AWS," he wrote.