A whistleblower complaint has accused Trump-era officials of copying the personal information of more than 300 million Americans, including Social Security numbers, into a poorly secured cloud environment, raising fears of identity theft and misuse.
The complaint, filed by Social Security Administration Chief Data Officer Charles Borges through the nonprofit Government Accountability Project, alleges that in June the Department of Government Efficiency (DOGE) ordered a live copy of the SSA's Numerical Identification System database - the master file of Social Security card applications - to be transferred to a private section of the agency's cloud infrastructure. Borges claims the database contains "the entire country's Social Security information," including "the name of the applicant, place and date of birth, citizenship, race and ethnicity, parents' names and social security numbers, phone number, address, and other personal information."
Borges warned that "should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital healthcare and food benefits," adding that the move risks "the security of over 300 million Americans' Social Security data."
According to Borges, senior Trump appointees at the SSA, many of whom were previously part of DOGE, initiated the copy following a June 10 request by John Solly, a former DOGE employee now at SSA. NPR reported that the transfer was authorized by Michael Russo, another official tied to DOGE, and later received "Provisional Authorization to Operate" in July from SSA Chief Information Officer Aram Moghaddassi. In his decision, Moghaddassi wrote: "I have determined the business need is higher than the security risk associated with this implementation and I accept all risks associated with this implementation and operation."
Career cybersecurity staff inside SSA flagged the move as highly dangerous. An internal "Risk Assessment Form" dated June 16 stated: "Unauthorized access to the NUMIDENT would be considered catastrophic impact to SSA beneficiaries and SSA programs," recommending that "production data should not be used." Borges said he raised concerns internally but "to date has not been made aware of any remedial action."
Andrea Meza, an attorney with the Government Accountability Project representing Borges, told NPR the environment "lacks independent security, monitoring and oversight." She added that Borges "has serious concerns about the vulnerability it causes for nearly every American's data."
The Social Security Administration has pushed back against the claims. In a statement to ABC News and NPR, a spokesperson said: "Commissioner [Frank] Bisignano and the Social Security Administration take all whistleblower complaints seriously. SSA stores all personal data in secure environments that have robust safeguards in place to protect vital information." The spokesperson added: "The data referenced in the complaint is stored in a long-standing environment used by SSA and walled off from the internet. High-level career SSA officials have administrative access to this system with oversight by SSA's Information Security team. We are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data."
The allegations arrive amid a broader pattern of controversy surrounding DOGE's handling of sensitive federal records. Earlier this year, whistleblowers accused DOGE officials of taking data from the National Labor Relations Board and attempting to conceal their actions. DOGE-affiliated officials have also been linked to efforts to use personal data in support of unsupported voter fraud claims.
The June transfer came just days after a U.S. Supreme Court ruling lifted a temporary order that had restricted DOGE officials' access to the SSA's most sensitive files. The 6-3 decision by conservative justices granted temporary clearance for DOGE staff to review the data, effectively enabling the copy of the NUMIDENT database into the SSA's Amazon Web Services infrastructure.
Borges, a Navy veteran who joined SSA as chief data officer in January 2025 after serving at the General Services Administration, the Office of Management and Budget, and the Centers for Disease Control, says the unresolved vulnerabilities represent "gross mismanagement" and "a substantial and specific threat to public health and safety."
