A whistleblower, former SSA Chief Data Officer Charles Borges, alleged that the DOGE (a Trump-era cost-cutting unit) created an unauthorized, unsecured copy of the Numident database a critical repository containing records of every individual who has ever applied for a U.S. Social Security Number. The duplicate was reportedly hosted in a cloud environment outside SSA’s control, managed by DOGE employees rather than SSA’s authorized administrators, violating security protocols. While the SSA denied any breach of the *original* Numident database, it avoided addressing the existence or security of the duplicate copy, raising concerns about potential exposure of highly sensitive personal data (e.g., SSNs, identities, and historical records) of millions of Americans. The lack of transparency, combined with allegations of retaliation against the whistleblower and the SSA’s refusal to directly confirm or deny the copy’s security status, suggests a high-risk scenario of unauthorized data replication and potential future exploitation especially given the database’s role in national identity verification and financial systems. The incident also highlights governance failures, as DOGE operates without congressional oversight, increasing the risk of misuse or further unauthorized access.
Source: https://www.theregister.com/2025/09/17/ssa_denies_doge_whistleblower_claim/
TPRM report: https://www.rankiteo.com/company/ssa-oig
"id": "ssa1693216091725",
"linkid": "ssa-oig",
"type": "Breach",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'Potentially all individuals '
'with a Social Security Number '
'(SSN)',
'industry': 'Public Administration',
'location': 'United States',
'name': 'Social Security Administration (SSA)',
'type': 'Government Agency'}],
'data_breach': {'data_exfiltration': ['Alleged: Unauthorized copy moved to '
'external cloud'],
'file_types_exposed': ['Database Records (Numident)'],
'personally_identifiable_information': ['Social Security '
'Numbers (SSNs)',
'Applicant Records'],
'sensitivity_of_data': ['Extremely High (Personally '
'Identifiable Information - PII)'],
'type_of_data_compromised': ['Potential: Social Security '
'Number (SSN) Records (Numident '
'Database)']},
'date_publicly_disclosed': '2025-08-06',
'description': 'Ex-SSA Chief Data Officer Charles Borges filed a '
'whistleblower complaint in August 2025, accusing employees of '
'the DOGE (a Trump-decreed, cost-cutting unit) of creating an '
'unauthorized, unsecured copy of the Numident database '
'(containing records of every person who applied for a Social '
'Security Number) and placing it in a cloud environment '
"outside SSA's management. The SSA denied the allegations but "
'did not explicitly address the existence or security of the '
'alleged duplicate database. Republican Senator Mike Crapo and '
"Borges' legal team have raised concerns, while the SSA's "
'response has been criticized for evading key questions about '
'the copy.',
'impact': {'brand_reputation_impact': ['Public Distrust',
'Congressional Oversight Concerns',
'Media Scrutiny'],
'data_compromised': ['Potential: Numident Database (SSN records of '
'all applicants)'],
'identity_theft_risk': ['High (if copy was compromised; contains '
'SSN records)'],
'legal_liabilities': ['Potential Violation of Federal Information '
'Security Modernization Act (FISMA)',
'Whistleblower Retaliation Claims'],
'operational_impact': ['Whistleblower Resignation (Charles Borges)',
'Regulatory Scrutiny',
'Reputation Damage'],
'systems_affected': ['Alleged Unauthorized Cloud Copy of '
'Numident']},
'initial_access_broker': {'entry_point': ['Unauthorized Cloud Environment '
'(Alleged)'],
'high_value_targets': ['Numident Database (SSN '
'Records)']},
'investigation_status': ['Ongoing (Office of Special Counsel preliminary '
'review due mid-October 2025)',
'SSA Internal Investigation'],
'motivation': ['Cost-Cutting',
'Unauthorized Data Access',
'Potential Retaliation Against Whistleblower'],
'post_incident_analysis': {'root_causes': ["Lack of Transparency in SSA's "
'Response',
'Potential Policy Violations by '
'DOGE',
'Whistleblower Retaliation '
'Claims']},
'references': [{'source': 'The Register'},
{'source': 'Whistleblower Complaint (Charles Borges, August '
'2025)'},
{'source': 'Letter from SSA Commissioner Frank Bisignano to '
'Senator Mike Crapo'}],
'regulatory_compliance': {'legal_actions': ['Whistleblower Complaint (Charles '
'Borges)',
'Senate Finance Committee Inquiry '
'(Senator Mike Crapo)',
'Office of Special Counsel Review '
'(Ongoing)'],
'regulations_violated': ['Potential: Federal '
'Information Security '
'Modernization Act '
'(FISMA)'],
'regulatory_notifications': ['Response to Senator '
'Mike Crapo']},
'response': {'communication_strategy': ['Public Denial via Letter to Senator '
'Crapo',
'Media Statements to The Register',
'Distribution List Updates'],
'containment_measures': ['SSA denied unauthorized access or '
'leakage of Numident data (but did not '
'address the copy)'],
'enhanced_monitoring': ["Claimed continuous monitoring of SSA's "
'cloud infrastructure'],
'incident_response_plan_activated': ['Internal Review by SSA',
'Response to Senator Mike '
"Crapo's Inquiry"]},
'stakeholder_advisories': ['Senate Finance Committee (Chairman Mike Crapo)'],
'threat_actor': ['DOGE (Trump-decreed cost-cutting unit)',
'Internal Actors (Alleged)'],
'title': "Unauthorized Copy of SSA's Numident Database Alleged by "
'Whistleblower',
'type': ['Data Breach (Alleged)',
'Unauthorized Data Copy',
'Whistleblower Complaint'],
'vulnerability_exploited': ['Lack of Oversight',
'Unauthorized Cloud Storage',
'Policy Non-Compliance']}