DOGE Accused of Duplicating Critical Social Security Database on Unsecured Cloud

By lambert
Headline
DOGE accused of duplicating critical Social Security database on unsecured cloud
URL
https://www.theregister.com/2025/08/26/whistleblower_accuses_doge_of_duplicating
URL (Archive)
https://archive.is/V9hta
Pubdate
One-liner
"The database was copied in June and the only people who had administrator access to the duplicate were two DOGE employees."
Timeline
DOGE
Document Type
News and Analysis (Mainstream)
Venue
The Register
Byline
Brandon Vigliarolo
Report Excerpt

A Social Security Administration employee has filed a whistleblower complaint alleging that Donald Trump’s DOGE cost-cutting unit has put the records of every single American at risk by duplicating an agency database in an unauthorized cloud environment.

It’s not just any SSA flunkie making the accusations either. The complaint, filed today by the Government Accountability Project (GAP), comes from the SSA’s own chief data officer, Charles Borges, who has been in the position since January, capping off a more than 30 year government IT career that began with 22 years in the US Navy.

Most damningly, Borges alleges DOGE took the NUMIDENT database, which “contains all data submitted in an application for a United States Social Security card,” and reproduced it in a test cloud environment that wasn’t managed by the SSA and was “lacking independent security controls.” The database was copied in June, according to the complaint, and the only people who had administrator access to the duplicate were two DOGE employees — not the Division of Infrastructure Services admins that the SSA requires to manage its digital services.

Borges claimed that he received reports that the NUMIDENT copy’s cloud environment had “no verified audit or oversight mechanisms,” and that no one outside DOGE had insight into any code being executed against the data.

According to the complaint, the ramifications of the NUMIDENT copy getting into malicious hands would be catastrophic.

“Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital healthcare and food benefits, and the government may be responsible for re-issuing every American a new Social Security Number at great cost,” Borges’ lawyers wrote.

As for what comes next for the complaint, the GAP, who is representing Borges in the complaint, told us that the Office of Special Council [sic] has 45 days to review the complaint before deciding how to act next.

Unfortunately, the OSC’s job is only to determine whether the complaints are substantially likely, and then hand the matter off to the agency involved for it to perform its own investigation. In other words, this is entirely up to the SSA to resolve. They’re required to report back to the OSC, and Borges would be given a chance to issue a response, but it’s ultimately up to those who might be violating the rules to investigate the alleged violation.

Kicker
Data Exfiltration
People
Charles Borges
NGO
Government Accountability Project
Government Entity
Social Security Administration
Division of Infrastructure Services
Office of Special Counsel
Databases and Systems (Government)
NUMIDENT
Tags
Social Security number
identity theft
the cloud

Add new comment

About text formats
You have the option to tag the comment. When you start typing in the "Comment Tags" field, a dropdown with existing tags will appear; use these if possible. You can create tags that do not appear in the dropdown, but please remember that this is a family blog.