
DOGE Allegedly Creates Live Copy of National Social Security Data in Unsecured Cloud Environment

A whistleblower disclosure filed today alleges that the Department of Government Efficiency (DOGE) within the Social Security Administration (SSA) covertly created a live copy of the nation’s entire Social Security dataset in an unsecured cloud environment. Chief Data Officer Charles Borges warned that if malicious actors gain access, over 300 million Americans could face identity theft, loss of critical benefits, and the monumental task of re-issuing every Social Security number.

Key takeaways from the disclosure are that DOGE copied 300 million Social Security Numbers (SSNs) into an unsecured Amazon Web Services (AWS) cloud, and that an automated ETL pipeline synchronised live SSN data despite a court order. This lapse poses a significant risk of mass identity theft and underscores the urgent need for zero-trust security measures.

According to the protected disclosure submitted to the U.S. Office of Special Counsel, DOGE officials bypassed standard Information Security and Compliance (ISC) controls, including encryption-at-rest, role-based access control (RBAC), and continuous audit logging, when provisioning a cloud instance containing live SSN records. Borges noted that neither independent vulnerability assessments nor penetration tests were conducted before establishing the AWS S3 bucket storing personally identifiable information (PII). The cloud environment lacked multi-factor authentication (MFA) on API endpoints and did not employ a secure key management service (KMS), rendering the SSN repository vulnerable to credential stuffing or API key leakage.

Despite a temporary restraining order preventing DOGE from accessing production SSN systems, internal logs indicated that DOGE engineers continued to synchronise data via an automated ETL pipeline. Borges claimed that DOGE’s actions constituted serious mismanagement and abuse of authority, violating federal cloud security guidance. Andrea Meza, counsel for the whistleblower, urged Congress and the Office of Special Counsel to launch immediate oversight and implement necessary mitigation measures to protect Americans’ sensitive identifiers.

Categories: Data Security Breach, Government Mismanagement, Cybersecurity Risks 

Tags: Whistleblower, Department of Government Efficiency, Social Security Administration, Unsecured Cloud, Identity Theft, Automated ETL Pipeline, Information Security, Privacy Act, Zero-Trust Security, Cyber-Attack Surface 
