Members of the so-called Department of Government Efficiency exposed Social Security data of more than 300 million Americans, putting personal information at risk of being leaked or hacked into, according to a bombshell whistleblower report.
A disclosure filed to the governmentâs top ethics office Tuesday alleges that a DOGE team had uploaded a copy of agency data for virtually every American to a vulnerable cloud server.
The data included addresses, birth dates and other sensitive information that could be used to steal identities.
The whistleblower disclosure from Charles Borges, the agencyâs chief data officer, accuses DOGE personnel of copying a live set of data without any independent security or oversight measures in place.
His statement underscores prior warnings from watchdog groups and lawsuits that tried to block the Elon Musk-founded group of young engineers from wreaking havoc across federal agencies.
Borges uncovered âserious data security lapses, evidently orchestrated by DOGE officialsâ that ârisk the security of over 300 million Americansâ Social Security data,â according to the complaint, viewed by The Independent.
His disclosure alleges âsystemic data security violations, uninhibited administrative access to highly sensitive production environments, and potential violationsâ of security protocols and federal privacy laws by DOGE personnel â including Edward âBig Ballsâ Coristine, the 19-year-old at the center of a wave of controversial policies inside the federal government.
âShould bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital health care and food benefits, and the government may be responsible for reissuing every American a new Social Security number at great cost,â according to Borgesâ complaint.
In March, a federal judge blocked Muskâs team from accessing Social Security data. But an order from the Supreme Court later paved the way for DOGE to tap into that information.
Borges, a U.S. Navy veteran, began working as the chief data officer at the Social Security Administration in January â just days after Donald Trump entered office, tapping Musk to embed loyalists across the federal government to recommend drastic spending cuts and mass firings.
Borges provided more than two dozen pages of emails, memos and other communications outlining how DOGE âpotentially violated multiple federal statutesâ designed to protect government data.
In response, one of his superiors noted the possibility that the agency might have to re-issue Social Security numbers, according to the complaint.
The findings were shared with the Office of Special Counsel as well as members of Congress by lawyers at the Government Accountability Project, a whistleblower protection group.
Borges had discovered a âdisturbing pattern of questionable and risky security access and administrative misconduct that impacts some of the publicâs most sensitive data,â according to Andrea Meza, director of the groupâs campaigns for government accountability.
âOut of a sense of urgency and duty to the American public, he is now raising the alarm to Congress and the Office of Special Counsel, urging them to engage in immediate oversight to address these serious concerns,â she said. âMr. Borgesâ bravery in coming forward to protect the American publicâs data is an important step towards mitigating the risks before it is too late.â
In a statement to The Independent, a spokesperson for the agency said commissioner Frank Bisignano and agency personnel âtake all whistleblower complaints seriously.â
The agency âstores all personal data in secure environments that have robust safeguards in place to protect vital information,â and the data referenced in the complaint âis stored in a long-standing environment used by SSA and walled off from the internet,â according to the agency.
âHigh-levelâ officials have access to that system with oversight by the agencyâs Information Security team, according to the agency.
âWe are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data,â the spokesperson said.
The White House, which has handled requests for information about DOGE efforts and the U.S. DOGE Service, deferred The Independentâs request for comment to the Social Security Administration.
Musk had baselessly labeled the nationâs retirement and disability agency a âPonzi schemeâ and claimed that as much as $700 billion in annual payments were fraudulent, raising concerns that the worldâs wealthiest man was helping the Trump administration lay the groundwork for seismic cuts to the nationâs largest and most popular program.
According to court documents in a federal lawsuit seeking to prevent DOGE from tapping into Social Security data, Muskâs team at the agency sought to bolster the presidentâs spurious claims that millions of dead people are receiving benefits.
Seven DOGE employees were granted access to Americansâ Social Security data or âpersonally identifiable information,â government lawyers wrote in March.
Their level of access âprovides no avenuesâ to change beneficiary data or payments, but gives them the ability to âreview records needed to detect fraud,â they added.
District Judge Ellen Lipton Hollander had temporarily blocked DOGE from what she called a âfishing expeditionâ in search of a âfraud epidemicâ based on âlittle more than suspicionâ inside the agency.
âThe DOGE team is essentially engaged in a fishing expedition at [the agency], in search of a fraud epidemic, based on little more than suspicion,â Judge Lipton wrote in March. âIt has launched a search for the proverbial needle in the haystack, without any concrete knowledge that the needle is actually in the haystack.â
DOGE ânever identified or articulated even a single reasonâ why it would need âunlimited accessâ to Social Securityâs entire record systems, which would risk âexposing personal, confidential, sensitive, and private information that millions of Americans entrusted to their government,â the judge added.
A massive breach of Social Security data âis a scandal,â according to Lisa Gilbert, co-president of Public Citizen, which has joined an avalanche of legal challenges against the Trump administration.
âLetting a 19-year-old kid move everyoneâs personal data onto a vulnerable server is yet another example of how unfit the Trump administration is to serve its core function: Protecting the rule of law and looking out for the best interests of our people,â she added. âWe canât afford to wait until there is a catastrophic misuse of this data, we need to immediately rein in the tech bros who invaded our government through DOGE.â
