Whistleblower says Trump officials copied millions of Social Security numbers
toggle caption Wesley Lapointe/The Washington Post/Getty Images
A whistleblower says that a former senior DOGE official now at the Social Security Administration copied the Social Security numbers, names and birthdays of over 300 million Americans to a private section of the agency's cloud. That private cloud environment is accessible by other former DOGE employees at the SSA and is lacking adequate security, the whistleblower claims, potentially putting an enormous amount of private information at risk to being revealed and possibly used by identity thieves.
In a written complaint filed through the nonprofit Government Accountability Project, Charles Borges, the chief data officer at the Social Security Administration, claims that senior Trump appointees at the SSA who were recently part of the Department of Government Efficiency (DOGE) team made the copy in a way that "constitute[s] violations of laws, rules, and regulations, abuse of authority, gross mismanagement, and creation of a substantial and specific threat to public health and safety."
Sponsor Message
Borges says that career cybersecurity officials within the SSA described the decision to copy the data as "very high risk" and even discussed the possibility of having to reissue Social Security numbers to millions of Americans in the event the cloud server was breached.
The copy of the data appears to have been set up inside the SSA's existing cloud infrastructure, which operates on Amazon Web Services. However, according to the complaint, the copied data had far fewer security measures in place to protect it than the SSA's standard protocols typically require.
According to Andrea Meza, an attorney with the Government Accountability Project who represents Borges, the cloud environment appeared to be set up for DOGE-affiliated Social Security staffers, but it "lacks independent security, monitoring and oversight." She said Borges "has serious concerns about the vulnerability it causes for nearly every American's data."
In an email statement to NPR, the Social Security Administration said that its data remains secure. "The data referenced in the complaint is stored in a long-standing environment used by SSA and walled off from the internet," the statement reads in part. "We are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data."
Copied data
... continue reading