Massive SSA Data Breach Under Investigation Following Whistleblower Allegations
The Social Security Administration’s (SSA) Office of the Inspector General (OIG) is investigating a whistleblower complaint alleging that a former employee of the Trump administration’s now-defunct Department of Government Efficiency (DOGE) misused highly sensitive personal data belonging to over 500 million Americans both living and deceased.
According to a document obtained by HuffPost, the SSA OIG notified key congressional leaders last week that it had launched an inquiry after receiving an anonymous complaint about the "potential misuse of SSA data" by the ex-DOGE employee. The Washington Post, which reviewed the complaint and spoke with the whistleblower, reported that the individual a former DOGE software engineer claimed to have accessed two critical SSA databases containing Social Security numbers, birthdates, citizenship status, parents’ names, and other personal details.
The whistleblower alleged that the ex-employee planned to transfer the data to his personal computer via a thumb drive, intending to "sanitize" it before sharing it with his new private-sector employer. The engineer reportedly told a colleague he believed former President Trump would pardon him if caught.
Sen. Ron Wyden (D-Ore.), one of the lawmakers briefed on the complaint, called the allegations "one of the largest known data breaches in American history," suggesting the data was intended for political exploitation. Rep. Robert Garcia (D-Calif.) raised additional concerns, warning that the ex-employee may have retained remote access to edit or manipulate SSA data.
This incident is the latest in a series of security failures tied to DOGE, a cost-cutting initiative led by Elon Musk under the Trump administration. In January, the administration admitted in court that DOGE staffers had unauthorized access to SSA data and may have shared it externally. A separate whistleblower complaint in August, filed by SSA’s chief data officer, alleged that DOGE employees recklessly copied the agency’s most sensitive database and stored it insecurely on a cloud server an investigation that remains ongoing.
Source: https://www.huffpost.com/entry/doge-whistleblower-complaint-data-breach_n_69b09a66e4b07e0eaa23d70e
Social Security Administration Office of the Inspector General cybersecurity rating report: https://www.rankiteo.com/company/ssa-oig
"id": "SSA1773195890",
"linkid": "ssa-oig",
"type": "Breach",
"date": "3/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '500 million Americans (living '
'and deceased)',
'industry': 'Public Sector',
'location': 'United States',
'name': 'Social Security Administration (SSA)',
'size': 'Large',
'type': 'Government Agency'}],
'attack_vector': 'Insider Threat',
'data_breach': {'data_exfiltration': 'Attempted (via thumb drive)',
'number_of_records_exposed': '500 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security numbers',
'birthdates',
'citizenship status',
'parents’ names',
'other personal details']},
'description': 'The Social Security Administration’s (SSA) Office of the '
'Inspector General (OIG) is investigating a whistleblower '
'complaint alleging that a former employee of the Trump '
'administration’s now-defunct Department of Government '
'Efficiency (DOGE) misused highly sensitive personal data '
'belonging to over 500 million Americans both living and '
'deceased. The whistleblower claimed the ex-employee accessed '
'SSA databases containing Social Security numbers, birthdates, '
'citizenship status, parents’ names, and other personal '
'details, intending to transfer the data to his personal '
'computer via a thumb drive for potential political '
'exploitation.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Social Security numbers, birthdates, '
'citizenship status, parents’ names, and other '
'personal details',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential',
'systems_affected': 'SSA databases'},
'investigation_status': 'Ongoing',
'motivation': 'Political exploitation, potential financial gain',
'post_incident_analysis': {'root_causes': 'Insecure data handling, '
'unauthorized access, lack of '
'oversight'},
'references': [{'source': 'HuffPost'}, {'source': 'The Washington Post'}],
'regulatory_compliance': {'legal_actions': 'Potential',
'regulatory_notifications': 'Congressional leaders '
'notified'},
'threat_actor': 'Former DOGE software engineer (insider)',
'title': 'Massive SSA Data Breach Under Investigation Following Whistleblower '
'Allegations',
'type': 'Data Breach',
'vulnerability_exploited': 'Unauthorized access to sensitive databases, '
'insecure data handling'}