Members of the so-called Department of Government Efficiency exposed Social Security data of more than 300 million Americans, putting personal information at risk of being leaked or hacked into, according to a bombshell whistleblower report.
A disclosure filed to the government’s top ethics office Tuesday alleges that a DOGE team had uploaded a copy of agency data for virtually every American to a vulnerable cloud server.
The data included addresses, birth dates and other sensitive information that could be used to steal identities.
The whistleblower disclosure from Charles Borges, the agency’s chief data officer, accuses DOGE personnel of copying a live set of data without any independent security or oversight measures in place.
His statement underscores prior warnings from watchdog groups and lawsuits that tried to block the Elon Musk-founded group of young engineers from wreaking havoc across federal agencies.
Borges uncovered “serious data security lapses, evidently orchestrated by DOGE officials” that “risk the security of over 300 million Americans’ Social Security data,” according to the complaint, viewed by The Independent.
His disclosure alleges “systemic data security violations, uninhibited administrative access to highly sensitive production environments, and potential violations” of security protocols and federal privacy laws by DOGE personnel — including Edward “Big Balls” Coristine, the 19-year-old at the center of a wave of controversial policies inside the federal government.
“Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital health care and food benefits, and the government may be responsible for reissuing every American a new Social Security number at great cost,” according to Borges’ complaint.
In March, a federal judge blocked Musk’s team from accessing Social Security data. But an order from the Supreme Court later paved the way for DOGE to tap into that information.
Borges, a U.S. Navy veteran, began working as the chief data officer at the Social Security Administration in January — just days after Donald Trump entered office, tapping Musk to embed loyalists across the federal government to recommend drastic spending cuts and mass firings.
Borges provided more than two dozen pages of emails, memos and other communications outlining how DOGE “potentially violated multiple federal statutes” designed to protect government data.
In response, one of his superiors noted the possibility that the agency might have to re-issue Social Security numbers, according to the complaint.
The findings were shared with the Office of Special Counsel as well as members of Congress by lawyers at the Government Accountability Project, a whistleblower protection group.
Borges had discovered a “disturbing pattern of questionable and risky security access and administrative misconduct that impacts some of the public’s most sensitive data,” according to Andrea Meza, director of the group’s campaigns for government accountability.
“Out of a sense of urgency and duty to the American public, he is now raising the alarm to Congress and the Office of Special Counsel, urging them to engage in immediate oversight to address these serious concerns,” she said. “Mr. Borges’ bravery in coming forward to protect the American public’s data is an important step towards mitigating the risks before it is too late.”
In a statement to The Independent, a spokesperson for the agency said commissioner Frank Bisignano and agency personnel “take all whistleblower complaints seriously.”
The agency “stores all personal data in secure environments that have robust safeguards in place to protect vital information,” and the data referenced in the complaint “is stored in a long-standing environment used by SSA and walled off from the internet,” according to the agency.
“High-level” officials have access to that system with oversight by the agency’s Information Security team, according to the agency.
“We are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data,” the spokesperson said.
The White House, which has handled requests for information about DOGE efforts and the U.S. DOGE Service, deferred The Independent’s request for comment to the Social Security Administration.
Musk had baselessly labeled the nation’s retirement and disability agency a “Ponzi scheme” and claimed that as much as $700 billion in annual payments were fraudulent, raising concerns that the world’s wealthiest man was helping the Trump administration lay the groundwork for seismic cuts to the nation’s largest and most popular program.
According to court documents in a federal lawsuit seeking to prevent DOGE from tapping into Social Security data, Musk’s team at the agency sought to bolster the president’s spurious claims that millions of dead people are receiving benefits.
Seven DOGE employees were granted access to Americans’ Social Security data or “personally identifiable information,” government lawyers wrote in March.
Their level of access “provides no avenues” to change beneficiary data or payments, but gives them the ability to “review records needed to detect fraud,” they added.
District Judge Ellen Lipton Hollander had temporarily blocked DOGE from what she called a “fishing expedition” in search of a “fraud epidemic” based on “little more than suspicion” inside the agency.
“The DOGE team is essentially engaged in a fishing expedition at [the agency], in search of a fraud epidemic, based on little more than suspicion,” Judge Lipton wrote in March. “It has launched a search for the proverbial needle in the haystack, without any concrete knowledge that the needle is actually in the haystack.”
DOGE “never identified or articulated even a single reason” why it would need “unlimited access” to Social Security’s entire record systems, which would risk “exposing personal, confidential, sensitive, and private information that millions of Americans entrusted to their government,” the judge added.
A massive breach of Social Security data “is a scandal,” according to Lisa Gilbert, co-president of Public Citizen, which has joined an avalanche of legal challenges against the Trump administration.
“Letting a 19-year-old kid move everyone’s personal data onto a vulnerable server is yet another example of how unfit the Trump administration is to serve its core function: Protecting the rule of law and looking out for the best interests of our people,” she added. “We can’t afford to wait until there is a catastrophic misuse of this data, we need to immediately rein in the tech bros who invaded our government through DOGE.”
