On August 26, 2025, Charles Borges, the chief data officer at the Social Security Administration, filed a whistleblower disclosure, submitted by the Government Accountability Project that confirmed our fears. The disclosure, addressed to the Senate Committee on Homeland Security & Government Affairs, the Senate Committee on Finance, the Acting Special Counsel, the House Committee on Oversight and Government Reform and the House Ways and Means Committee, alleges that DOGE “employees copied ultrasensitive data to a cloud server that does not meet government standards for protecting data privacy.” He further alleges that there are “serious data security lapses…orchestrated by DOGE officials, currently employed as SSA employees, that risk the security of over 300 million Americans’ Social Security data.”

In June 2025, the U.S. Supreme Court stayed the March 2025 preliminary injunction issued by the District Court which blocked DOGE’s access to sensitive government data, allowing DOGE to proceed with its work. The disclosure alleges that, since then, “DOGE officials employed by SSA have created a live copy of a critical database, known as the NUMIDENT file, in a cloud environment.” The NUMIDENT database has over “548 million Social Security numbers, along with the identifying information of everyone living or dead who has ever had a Social Security number.” The database is alleged to include “all information submitted in an application for a United States Social Security card.” (Emphasis original).

According to the complaint, the data hosted on the virtual cloud environment with Amazon Web Services was only accessible by DOGE employees, and DOGE was warned that copying the data “could make Americans vulnerable to identity theft,” but DOGE proceeded with copying the data. In addition, there were “no oversight mechanisms in place to determine what the data was being used for or whether it was properly secured, and there was no independent security monitoring of the cloud environment,” and the Social Security Administration’s acting chief information security officer warned that “after a thorough review, we have determined that this request [to copy the information] poses a high risk.” The disclosure further states that “no one outside the former DOGE group had insight into code being executed against SSA’s live production data.” To this writer, this also could mean that the data could be disclosed from the environment, including into generative AI tools, which is of grave concern.

According to the claimed whistleblower, “should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital health care and food benefits, and the government may be responsible for reissuing every American a new Social Security number at great cost.” This disclosure is distressing. Copying the entire database that contains highly sensitive data of everyone who has submitted an application for a U.S. Social Security card into an insecure environment, with no outside controls or using best practices, is a recipe for disaster. Since the U.S. Supreme Court has failed to acknowledge the risk of unfettered access to the Social Security Administration’s data, hopefully, members of Congress will urgently address this disclosure with deliberate speed to minimize the risk to all of us.