A whistleblower says the government put every American’s Social Security record at risk.
Charles Borges, Chief Data Officer at the Social Security Administration, filed the complaint. He describes a “live copy of the country’s Social Security information in a cloud environment that circumvents oversight.”
The file is the Numident database. It holds names, birth dates, citizenship, race, parents’ names and Social Security numbers, phone numbers, addresses. A full ledger of American identity.
Borges warns what could follow. “Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital healthcare and food benefits, and the government may be responsible for re-issuing every American new Social Security Number at great cost.”
He says DOGE staff were given “improper and excessive access” to the system. The new setup, his complaint says, creates “enormous vulnerabilities” and risks “the security of over 300 million Americans’ Social Security data.”
The SSA rejects this view. Spokesperson Nick Perrine said the data is “walled off from the internet” and that only senior career officials can reach it, under security team oversight.
“We are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data.”
Borges says his internal warnings went unanswered. The complaint now sits with investigators. The stakes: nothing less than the safety of the country’s most sensitive data.
Thomas Richards, Infrastructure Security Practice Director at Black Duck, says: “Social security numbers are one of the single most important personally identifiable pieces of information belonging to US citizens.”
If compromised, Richards adds the information would allow attackers to impersonate anyone on that list. “This could lead to financial and other types of identity fraud. Cybersecurity policies were put in place to protect this vital information, and it is very concerning that those polices were not upheld in the DOGE effort.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.