A US Senator is demanding answers after a Social Security Administration (SSA) employee who blew the whistle on Department of Government Efficiency (DOGE) dealings involuntarily resigned last month, citing workplace hostility in response to his concerns.
Republican Senator Mike Crapo (it's pronounced Cray-poe), chairman of the Senate Finance Committee, sent a letter to the SSA's commissioner, Frank Bisignano, giving him just two weeks to provide answers to concerns raised last month by now-former SSA Chief Data Officer Charles Borges. The former CDO's whistleblower complaint alleged DOGE had duplicated a critical database filled with taxpayer information, known as Numident, to a test cloud environment that wasn't managed by Borges or SSA, and which allegedly is without any oversight controls.
As Chairman of the Senate Committee on Finance, I must take very seriously every allegation made by a protected whistleblower ... I consider the protection and security of PII held by the agency to be a matter of first importance
Numident is used to store records of every person who has ever applied for a Social Security Card in the United States.
Crapo's questions are numerous, but one with a much shorter deadline stands out: He wants to know whether that duplicate database "was accessed, leaked, hacked, or disseminated in any unauthorized fashion," and he wants it "immediately upon receipt of this letter."
"As Chairman of the Senate Committee on Finance, I must take very seriously every allegation made by a protected whistleblower," Crapo added. "Further, given the large amount of sensitive data under SSA's control, I consider the protection and security of PII held by the agency to be a matter of first importance."
The SSA didn't directly answer questions about its response to Crapo, instead sending us an identical statement to the one it provided when we covered the original whistleblower complaint last month.
"We are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data," an SSA spokesperson said, while maintaining that Numident data is stored "in secure environments that have robust safeguards in place to protect vital information." That doesn't explain the security of the alleged unauthorized copy of Numident. We pointed this out to the SSA, but haven't heard back.
Borges' complaint was primarily about the Numident copy, but he also raised concerns over his beliefs that DOGE had allegedly committed numerous "systemic data security violations" as well as violations of SSA protocols and federal data privacy laws in its time at the SSA.
In response to his concerns, Borges said in his resignation letter late last month that SSA's actions created a hostile work environment that made it impossible for him to fulfill his duties ethically or lawfully, caused significant distress, and effectively forced him from his role as chief data officer.
... continue reading