{"id":6455,"date":"2025-08-27T10:03:29","date_gmt":"2025-08-27T10:03:29","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/08\/27\/doge-accused-of-creating-live-copy-of-the-countrys-social-security-information-in-unsecured-cloud-environment\/"},"modified":"2025-08-27T10:03:29","modified_gmt":"2025-08-27T10:03:29","slug":"doge-accused-of-creating-live-copy-of-the-countrys-social-security-information-in-unsecured-cloud-environment","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/08\/27\/doge-accused-of-creating-live-copy-of-the-countrys-social-security-information-in-unsecured-cloud-environment\/","title":{"rendered":"DOGE Accused of Creating Live Copy of the Country\u2019s Social Security Information in Unsecured Cloud Environment"},"content":{"rendered":"<div>\n<p>A whistleblower disclosure filed today alleges that the Department of Government Efficiency (DOGE) within the Social Security Administration (SSA) covertly created a live copy of the nation\u2019s entire Social Security dataset in an unsecured<a href=\"https:\/\/cybersecuritynews.com\/google-cloud-and-cloudflare-outages\/\" target=\"_blank\" rel=\"noreferrer noopener\"> cloud environment<\/a>.\u00a0<\/p>\n<p>Chief Data Officer Charles Borges warned that, if malicious actors gain access, over 300 million Americans could face identity theft, loss of critical benefits, and the monumental task of re-issuing every Social Security number.<\/p>\n<pre class=\"wp-block-preformatted\"><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-cyan-blue-color\">Key Takeaways<\/mark><\/strong><br>1. DOGE copied 300M SSNs into an unsecured AWS cloud.<br>2. 
An automated ETL pipeline synced live SSN data despite a court order.<br>3. The lapse risks mass identity theft and demands zero-trust security.<\/pre>\n<h2 class=\"wp-block-heading\" id=\"h-allegations-of-unsecured-cloud-storage\"><strong>Allegations of Unsecured Cloud Storage<\/strong><\/h2>\n<p><span style=\"box-sizing: border-box; margin: 0px; padding: 0px;\">According to the protected disclosure\u00a0<a href=\"https:\/\/whistleblower.org\/press-release\/whistleblower-warns-of-possible-risks-to-americans-social-security-information\/\" target=\"_blank\" rel=\"noopener\">submitted<\/a>\u00a0to the U.S. Office of Special Counsel, DOGE officials\u00a0<a href=\"https:\/\/cybersecuritynews.com\/vtenext-vulnerabilities\/\" target=\"_blank\" rel=\"noopener\">bypassed\u00a0<\/a>standard Information Security and Compliance (ISC) controls,<\/span> including encryption-at-rest, role-based access control (RBAC), and continuous audit logging, when provisioning a cloud instance containing live Social Security Number (SSN) records.\u00a0<\/p>\n<p>Borges notes that neither independent vulnerability assessments nor penetration tests were conducted before spinning up the Amazon Web Services (AWS) S3 bucket storing PII, nor were strict Identity and Access Management (IAM) policies enforced.\u00a0<\/p>\n<p>The cloud environment lacked <a href=\"https:\/\/cybersecuritynews.com\/microsoft-multi-factor-authentication-issue\/\">multi-factor <\/a><a href=\"https:\/\/cybersecuritynews.com\/microsoft-multi-factor-authentication-issue\/\" target=\"_blank\" rel=\"noreferrer noopener\">authentication <\/a><a href=\"https:\/\/cybersecuritynews.com\/microsoft-multi-factor-authentication-issue\/\">(MFA)<\/a> on API endpoints and did not employ a secure key management service (KMS), rendering the SSN repository vulnerable to credential stuffing or API key leakage.<\/p>\n<p>Court records show that a lawsuit filed in March 2025 resulted in a temporary restraining order preventing DOGE from 
accessing production SSN systems until June 6, 2025.\u00a0<\/p>\n<p>However, internal logs reviewed by Borges indicate that DOGE engineers continued to synchronize data via an automated ETL pipeline that used Python scripts and the SSA\u2019s internal RESTful APIs, effectively cloning the live database outside SSA\u2019s Security Operations Center (SOC).<\/p>\n<p>Borges claims that DOGE\u2019s actions constitute serious mismanagement and abuse of authority by bypassing the SSA\u2019s Change Management Board (CMB) and violating federal cloud security guidance (NIST SP 800-144).<\/p>\n<p>\u201cThis operation not only breaches the Privacy Act but also exposes the public to a significant cyber-attack surface,\u201d Borges wrote in his internal memo.\u00a0<\/p>\n<p>One SSA executive reportedly acknowledged the risk, stating that the agency might need to re-issue SSNs en masse should the data be compromised.<\/p>\n<p>Andrea Meza, counsel for the whistleblower, urged Congress and the Office of Special Counsel to launch immediate oversight.\u00a0<\/p>\n<p>She emphasized that mitigation measures such as enforcing zero-trust architecture, rotating access keys, and deploying real-time intrusion detection systems (IDS) must be implemented without delay to protect Americans\u2019 most sensitive identifiers.<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/doge-accused-of-copying-social-security-information\/\">DOGE Accused of Creating Live Copy of the Country\u2019s Social Security Information in Unsecured Cloud Environment<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p>Florence Nightingale<br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/doge-accused-of-copying-social-security-information\/\">Go to cyber-security-news<\/a><br \/>\n 
<BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>DOGE Accused of Creating Live Copy of the Country\u2019s Social Security Information in Unsecured Cloud Environment A whistleblower disclosure filed today alleges that the Department of Government Efficiency (DOGE) within the Social Security Administration (SSA) covertly created a live copy of the nation\u2019s entire Social Security dataset in an unsecured cloud environment.\u00a0 Chief Data Officer [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63],"tags":[130],"class_list":["post-6455","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/6455"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=6455"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/6455\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=6455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=6455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=6455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}