A whistleblower disclosure filed by the Social Security Administration’s Chief Data Officer has raised critical concerns about the Department of Government Efficiency (DOGE) allegedly creating an unauthorized live copy of over 300 million Americans’ Social Security information in an unsecured cloud environment, potentially exposing the nation’s most sensitive personal data to widespread identity theft and security breaches.
Charles Borges, who serves as the Chief Data Officer at the Social Security Administration and leads the Office of Analytics, Review, and Oversight, submitted a protected disclosure to the Office of Special Counsel and congressional committees on August 26, 2025.
Borges’ allegations detail how DOGE officials employed by SSA created a live copy of the entire Social Security database in a cloud environment that operates without proper oversight mechanisms or independent security controls.
According to the disclosure, these actions represent a systematic pattern of security circumvention that began with violations of a court-issued temporary restraining order in March 2025.
The restraining order, which remained in effect until June 6, 2025, was issued following a lawsuit aimed at preventing DOGE’s access to Social Security data.
Despite this legal restriction, Borges alleges that DOGE personnel appeared to give themselves authorization to access and copy SSA’s complete dataset on American citizens.
The technical implications of this unauthorized data replication are severe. As CDO, Borges is responsible for maintaining full visibility into data access, data exchange, and cloud-based environments at SSA.
His position requires him to ensure the safety, integrity, and security of public data, making his concerns about compromised data governance protocols particularly significant from a technical standpoint.
Borges’ disclosure describes a progression of wrongdoing at SSA that escalated from initial court order circumvention in March 2025 to the approval of high-risk activities outside normal review and approval procedures by July 2025.
The technical architecture of this unauthorized cloud environment reportedly lacks standard security controls and oversight mechanisms that are typically required for handling sensitive personally identifiable information (PII) at this scale.
When Borges raised internal concerns about these security lapses in August 2025, describing them as gross mismanagement that poses substantial threats to public health and safety, one supervisor acknowledged the severity by noting that SSA might need to re-issue Social Security Numbers to all Americans.
This acknowledgment underscores the catastrophic potential impact of a security breach involving this unauthorized data repository.
The technical risks extend beyond individual identity theft to include systematic compromise of federal benefits systems, potential disruption of healthcare access, and the unprecedented logistical challenge of re-issuing Social Security Numbers to the entire American population.
According to Andrea Meza, Director of Campaigns for Government Accountability Project and Borges’ attorney, the whistleblower’s disclosure reveals “a disturbing pattern of questionable and risky security access and administrative misconduct” affecting some of the public’s most sensitive data.
The Government Accountability Project, which has served as the leading international whistleblower protection organization since 1977, is now facilitating Congressional and Office of Special Counsel oversight of these allegations.
The technical security implications of this case highlight fundamental gaps in federal data governance when efficiency initiatives override established security protocols.
The unauthorized cloud replication of Social Security data represents a significant departure from standard federal data protection practices, potentially creating multiple attack vectors for malicious actors seeking to exploit American citizens’ personal information at an unprecedented scale.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
PortSwigger has leveled up Burp Suite's scanning arsenal with the latest Active Scan++ extension, version…
Unit 42 researchers at Palo Alto Networks exposed serious flaws in the Model Context Protocol…
Polish police have arrested three Ukrainian men traveling through Europe and seized a cache of…
Google has launched its most significant Chrome update ever, embedding Gemini AI across the browser…
Attackers exploit this vulnerability through the router's web interface components, specifically "cgibin" and "hnap_main," by…
Security researchers have uncovered a severe flaw in Apache Tika, a popular open-source toolkit for…