The Government Accountability Project represents Mr. Chuck Borges, the Chief Data
Officer (CDO) at the Social Security Administration (SSA), and a whistleblower. Mr. Borges
presents the following disclosures to your attention pursuant to 5 U.S.C. § 2302, 5 U.S.C. § 1213
and 5 U.S.C § 7211 for your respective offices to take appropriate oversight action.
The Government Accountability Project represents Mr. Chuck Borges, the Chief Data Officer (CDO) at the Social Security Administration (SSA), and a whistleblower. Mr. Borges presents the following disclosures to your attention pursuant to 5 U.S.C. § 2302, 5 U.S.C. § 1213 and 5 U.S.C § 7211 for your respective offices to take appropriate oversight action.
In recent weeks Mr. Borges has become aware through reports to him of serious data security lapses, evidently orchestrated by DOGE officials, currently employed as SSA employees, that risk the security of over 300 million Americans’ Social Security data. Mr. Borges’ disclosures involve wrongdoing including apparent systemic data security violations, uninhibited administrative access to highly sensitive production environments, and potential violations of internal SSA security protocols and federal privacy laws by DOGE personnel Edward Coristine, Aram Moghaddassi, John Solly, and Michael Russo. These actions constitute violations of laws, rules, and regulations, abuse of authority, gross mismanagement, and creation of a substantial and specific threat to public health and safety.
Since February 2025, it has been widely reported that DOGE officials have sought to access the American public’s Social Security data, purportedly to address claims of fraud. A lawsuit has been filed, resulting in a temporary restraining order, to limit DOGE’s access to this sensitive data. What has not been reported are DOGE’s actions, in violation of SSA protocols and policies, under the authority of SSA Chief Information Officer (CIO) Aram Mogaddassi, to create a live copy of the country’s Social Security information in a cloud environment that circumvents oversight.
This vulnerable cloud environment is effectively a live copy of the entire country’s Social Security information from the Numerical Identification System (NUMIDENT) database, that apparently lacks any security oversight from SSA or tracking to determine who is accessing or has accessed the copy of this data. NUMIDENT contains all data submitted in an application for a United States Social Security card—including the name of the applicant, place and date of birth, citizenship, race and ethnicity, parents’ names and social security numbers, phone number, address, and other personal information. Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital healthcare and food benefits, and the government may be responsible for re-issuing every American a new Social Security Number at great cost.
Mr. Borges’ disclosures establish escalating federal law violations at the Social Security Administration involving the unauthorized handling of sensitive data affecting over 300 million Americans and millions of additional members of the American public. The violations progressed from emergency circumvention of court orders in March 2025 to systematic institutional approval of high-risk activities involving sensitive public data by July 2025.
Add new comment