A whistleblower inside the Social Security Administration (SSA) has raised alarms about what he says is one of the most serious federal data mishandling incidents in recent memory. Charles Borges, the SSA’s Chief Data Officer, has filed an official disclosure claiming that employees of the Department of Government Efficiency (DOGE) moved highly sensitive Social Security information belonging to hundreds of millions of Americans into an unsecured cloud environment without authorization.
The complaint, submitted to the Office of Special Counsel, alleges that DOGE employees copied data containing names, family details, dates and places of birth, race, citizenship status, phone numbers, and a range of personal identifiers. According to the filing, the information potentially touches more than 300 million people — essentially the full population of individuals who have interacted with the Social Security system.
Broad Exposure Risk Raises National Security Concerns
Borges’ filing warns that the scale and sensitivity of the transferred data could create far-reaching risks. With access to SSA systems, he says, it becomes possible for unauthorized users to reach far beyond basic identity information. That could include financial data, health-related details, income levels, and personal biographical history — information that could be exploited for identity theft, financial fraud, and long-term surveillance campaigns if exposed.
The allegations arrive as federal agencies face increased scrutiny over how they manage digital systems and safeguard public data. If validated, Borges’ claims would represent a severe breach of federal privacy protocols and one of the broadest potential government data exposures ever reported.
DOGE’s Formation and Early Conflict Over SSA Data
The Department of Government Efficiency was created in January 2025 with a mission to streamline operations across federal agencies. But almost immediately, according to Borges, DOGE began pushing for extensive access to Social Security data.
Those efforts triggered a legal battle early in the year. A federal court issued a Temporary Restraining Order in February that blocked DOGE from accessing personally identifiable information from SSA’s databases. That was followed by a Preliminary Injunction carrying the same restrictions. The injunction took effect on June 6 but was later put on hold by the U.S. Supreme Court, temporarily easing legal limits on DOGE’s access.
Claims of Repeated Violations Despite Court Orders
Even before the Supreme Court intervened, Borges alleges that DOGE ignored earlier restrictions. He claims that within a day of the TRO going into effect on March 20, DOGE staff restored their access to SSA systems and even expanded it beyond what they previously held. Four days later, the SSA’s Office of Information Security attempted to shut down that access again. The disclosure does not specify whether DOGE followed the directive.
After the high court’s stay of the injunction, Borges says DOGE moved even more aggressively, granting itself access to copy entire SSA datasets containing detailed personal information on nearly every U.S. resident. According to the complaint, this was done without clearance from SSA’s leadership and without the required security safeguards.
The NUMIDENT Database at the Center of the Dispute
At the core of Borges’ concern is DOGE’s alleged attempt to duplicate the SSA’s NUMIDENT system — the comprehensive database that stores everything submitted when someone applies for a Social Security card. It contains identity information on every citizen and many non-citizens.
The Office of Information Security reportedly refused DOGE’s request to move NUMIDENT data into a cloud environment that Borges describes as poorly secured. Instead of accepting that decision, DOGE employees allegedly bypassed the OIS and sought approval from Michael Russo, an SSA official with ties to DOGE. The complaint says Russo granted access, enabling the data transfer.
Borges says he was neither consulted about the request nor informed that the copy had taken place. He also claims he did not receive access to the cloud system afterward, raising concerns about the lack of oversight.
Policy Bypassed and Safeguards Missing
Under SSA internal rules, any transfer involving such sensitive, high-risk data requires approval from the agency’s Chief Information Officer. According to Borges, the CIO — who had only recently joined SSA and had connections to DOGE — did authorize the transfer, but without notifying him or following the level of review typically required for such moves.
Borges maintains that basic protections were absent. He says there were no audited logs, no independent monitoring tools, and no verified controls tracking who accessed the NUMIDENT data and how it was being used. Without those safeguards, he argues, the risk of misuse or undetected breaches was significantly heightened.
The complaint also references a separate tip received earlier this year by congressional oversight staff. That anonymous report claimed DOGE sought SSA data not only to make internal changes at the SSA but also to build a sprawling cross-agency database containing information from the IRS, the Department of Health and Human Services, and other federal entities.
Such a database would merge tax records, health information, and Social Security data into a single system — a move experts warn could create enormous vulnerabilities, violate multiple privacy laws, and concentrate too much personal information in one place.
