Department of Government Efficiency Staffers Established Unauthorized ‘Live Replica’ of SSA Data
A report published Tuesday by a whistleblower reveals that staffers from the Trump administration’s Department of Government Efficiency (DOGE) created an unauthorized live replica of Social Security Administration (SSA) data on a cloud server lacking federal oversight. This instance raises serious concerns about data security and regulatory compliance.
This replica holds sensitive information pertaining to over 300 million Americans and was reportedly sanctioned by DOGE officials without the necessary authorization or oversight from the SSA’s infrastructure security team. According to Charles Borges, the agency’s Chief Data Officer, he has formally complained to Congress regarding this breach of protocol.
Earlier reports indicated DOGE, under Elon Musk’s influence, aimed to establish a comprehensive “master database,” potentially in violation of federal privacy laws and regulatory frameworks, as highlighted in a previous disclosure (Whistleblower Warns DOGE Secretly Building ‘Master Database’).
Borges’ complaint accuses DOGE officials of uploading personally identifiable information—such as names, birth dates, addresses, and Social Security numbers—into an unsecured cloud environment, circumventing established protocols, court orders, and sidelining career civil servants. Experts in cybersecurity warn that neglecting oversight and conducting risk assessments in a high-value data context could lead to severe data breaches and undermine public confidence in the federal government’s data protection capabilities.
Michael Daniel, president of the nonpartisan Cyber Threat Alliance, expressed that historically, it would have been highly unusual for an entity like DOGE to override seasoned security officials, but that such incidents appear to have become increasingly commonplace.
The complaint, filed by the Government Accountability Project on Borges’ behalf, emphasizes systemic security lapses, unauthorized access to critical systems, and potential violations of federal privacy statutes, not to mention the risk posed to sensitive data.
Further compounding the issue, former SSA Acting Commissioner Michelle King resigned in February after withholding a substantial amount of sensitive data from DOGE, which included information that could compromise personal privacy. Despite her objections, reports suggested that as of March, DOGE personnel had begun to access SSA systems, allowing for the unsanctioned copying of sensitive data (DOGE’s Nine Worst Cybersecurity Failures Under Elon Musk).
The cloud setup established by DOGE mirrors the SSA’s Numerical Identification System (NUMIDENT), which consolidates data submitted during the Social Security card application process. While Borges did not report breaches of this cloud system, the filing warns of vulnerabilities that could facilitate identity theft and disrupt critical access to social services.
As Borges, a seasoned civil servant with extensive experience in IT and data security, has stated, internal concerns were raised to the chief information officer’s office. Despite a lawsuit temporarily restricting DOGE’s access, DOGE affiliates allegedly continued to maintain excessive access to numerous databases from mid-March onward. The complaint raises alarm over the potential exposure of sensitive personal data that could have drastic implications for every American.
