DOGE Transfers Social Security Data to the Cloud


Recent Developments: CIRO Phishing Breach, Ingram Micro Ransomware, and CVE Increase

Breach Roundup: DOGE Uploaded Social Security Data to Cloud

ISMG compiles weekly summaries of cybersecurity breaches globally. Recent incidents include sensitive U.S. Social Security Administration data shared on an unauthorized Cloudflare server by employees of the Department of Government Efficiency. Meanwhile, the Canadian Investment Regulatory Organization faced a substantial phishing breach impacting 750,000 investors. The U.K. National Cyber Security Center reported increasing DDoS attacks by Russia-aligned hacktivists, while Ingram Micro experienced a ransomware attack exposing employee records. Additionally, there was a significant surge in Common Vulnerabilities and Exposures (CVE) disclosures, with a notable uptick of over 21% in 2025, and South Korea’s SK Telecom is contesting a record data leak fine. Security researchers warned of critical Chainlit vulnerabilities, and North Korean hackers exploited Microsoft VS Code workflows for malicious purposes.


U.S. DOGE Employees Compromise Social Security Data via Unauthorized Server

U.S. federal prosecutors have revealed that individuals in Elon Musk’s Department of Government Efficiency improperly transferred Social Security data to a cloud server, flouting established federal cybersecurity protocols. This admission aligns with a whistleblower report from August 2025 that alleged DOGE’s unauthorized creation of Social Security data replicas in an unregulated cloud environment.

The Social Security Administration has yet to confirm whether the data remains hosted on the identified third-party platform, Cloudflare. Evidence shows that between March 7 and March 17, 2025, DOGE employees utilized links to disseminate sensitive information via the third-party server.

This disclosure contributes to ongoing legal disputes surrounding DOGE’s operations at the Social Security Administration. Critics have labeled the initiative, led by Musk, as a misallocation of public funds amounting to at least $21.7 billion.

CIRO Addresses Phishing Breach Impacting 750,000 Investors

The Canadian Investment Regulatory Organization has issued a warning regarding a phishing attack that compromised sensitive information associated with approximately 750,000 investors. Initially reported in August 2025, the breach involved unauthorized access to various personal details, although CIRO assured that critical functions remained operational and that no immediate threats were detected in its systems.

UK National Cyber Security Center Warns of Rising Hacktivist Threats

The U.K. National Cyber Security Center has alerted organizations within the country to threats posed by Russian-aligned hacktivist groups, noting an increase in denial-of-service attacks targeting governmental bodies and infrastructure operators. The advisory identifies groups such as NoName057(16), which have been active in launching persistent attacks against NATO allies.

Ingram Micro Suffers Data Breach Following Ransomware Attack

Ingram Micro has begun notifying approximately 42,000 individuals affected by a ransomware attack that occurred in July 2025. A breach notification letter disclosed that attackers accessed sensitive documents, which included personal data such as Social Security numbers and employment information. Following the incident, Ingram Micro took key systems offline to mitigate damage, resulting in temporary service disruptions.

Surge in CVE Disclosures Highlights Security Challenges

In 2025, there was a significant increase in reported vulnerabilities, bringing the year's total Common Vulnerabilities and Exposures (CVE) count to 48,185, a 20.6% rise from the previous year. The year saw 3,984 critical vulnerabilities and 15,003 classified as high severity, with December alone accounting for 5,500 new disclosures. Moreover, researchers pointed out that rapid exploitation of vulnerabilities is a growing concern, as nearly 28% of vulnerabilities noted in early 2025 were exploited within a day of disclosure.

SK Telecom Challenges Record Fine After Data Breach

South Korea’s SK Telecom is contesting a fine of 135 billion won (approximately $91 million) issued by the country’s privacy watchdog following a data breach affecting all 23 million of its mobile subscribers. The regulatory action came after SK Telecom delayed disclosing a significant leak of Universal Subscriber Identity Module data. The fine is the largest imposed since the establishment of South Korea’s data protection authority in 2020.

Critical Vulnerabilities in Chainlit Framework Expose Cloud Data to Risks

Researchers from Zafran Labs have identified two severe vulnerabilities within the Chainlit AI framework, stating they could lead to sensitive data exposure and potential cloud account compromises. The flaws, labeled ChainLeak, could allow attackers to read sensitive files by sending manipulated requests through the framework. Zafran’s findings indicate that using such vulnerabilities opens new avenues for integrated development environments, posing a significant risk to organizations leveraging AI in their operations.

North Korean Hackers Target Microsoft Visual Studio Code

Hackers believed to be affiliated with North Korea are reportedly exploiting Microsoft Visual Studio Code to execute malware through legitimate developer workflows. This strategy is part of an evolving campaign aimed at compromising targets by manipulating Git repositories tied to professional assignments. The increase in attacks highlights a concerning trend where sophisticated techniques lead to persistent endpoint compromises, emphasizing the need for robust security measures.


Reports contributed by Gregory Sirico from Information Security Media Group based in New Jersey.
