On Friday, Chuck Borges, the chief data officer of the Social Security Administration (SSA), reported that he was forcibly removed from his position after submitting a whistleblower complaint. This complaint alleged serious mishandling of sensitive data within the agency. According to multiple SSA sources, this email was shortly retracted from employee inboxes minutes after being sent.
In a resignation letter obtained by WIRED, Borges expressed that he was “regretfully and involuntarily leaving” his role, attributing this to actions taken by the SSA that rendered his responsibilities legally and ethically unmanageable. He cited significant mental, physical, and emotional distress as consequences of these actions, framing his departure as a constructive discharge.
Remarkably, the email containing his resignation disappeared from SSA employee inboxes less than half an hour after it was circulated, although it remains unclear why this occurred or whether the message was restored. Speculation among SSA staff suggests that the critical nature of the email toward agency leadership may have influenced its removal.
According to the Federal Records Act of 1950, U.S. agencies are legally required to keep internal records, including emails exchanged among staff. These regulations emphasize the importance of transparency and accountability within governmental institutions.
Freelance journalist Marisa Kabas was the first to report on both Borges’ resignation and the subsequent vanishing of the email. Neither Borges nor SSA representatives have responded to inquiries for comment on the incident.
Significantly, Borges’ resignation follows his formal whistleblower complaint filed with the U.S. Office of Special Counsel. The complaint accuses the Department of Government Efficiency (DOGE) of inappropriately uploading sensitive SSA data, including personal information linked to millions of Americans, to an unsecured cloud server. He contends that this action contradicts established protocols and poses risks related to data breaches.
In his correspondence, Borges claimed to have uncovered multiple projects that may violate federal regulations regarding the security of sensitive data managed by the agency. These violations reportedly involve unauthorized access and potential data exchanges with other government entities.
In defense, SSA spokesperson Nick Perrine asserted the agency’s commitment to data security, asserting that the sensitive data referenced in Borges’ complaint remains secure and isolated from external threats. Perrine emphasized that SSA implements stringent safeguards to protect personal data.
Moreover, Borges’ whistleblower complaint includes allegations against DOGE affiliates, indicating systemic security failures, potentially dangerous access to sensitive information, and violations of federal privacy laws. These claims depict a concerning picture of the internal workings at the SSA, pointing to apparent abuses of authority and mismanagement that threaten both public safety and trust in governmental institutions.
The dynamics of this situation raise questions about the potential tactics employed, which could align with the MITRE ATT&CK framework’s practices such as initial access and privilege escalation, underscoring the importance of vigilant cybersecurity protocols within governmental agencies.
