Every American who has ever had a Social Security number may now be living with a hidden risk that never really expires.
That is the warning from Chuck Borges, the former chief data officer at the Social Security Administration, who calls the situation a “national security disaster” in an interview with MarketWatch.
Borges alleges that a little-known federal tech team called the Department of Government Efficiency, or DOGE, copied the government’s master Social Security database into a cloud system that lacked normal oversight.
If his account is correct, the mishandling of this information could expose hundreds of millions of people to fraud and abuse for the rest of their lives.
How Social Security data ended up in a risky cloud system
According to a protected disclosure filed with the Office of Special Counsel, Borges told the Government Accountability Project that DOGE officials working at Social Security created a “live copy” of the country’s Social Security records in a separate cloud environment that sidestepped usual security checks.
The group says those lapses put the Social Security information of more than 300 million Americans at risk.
In plain terms, that means data normally locked inside tightly-monitored government systems was duplicated onto remote servers where watchdogs had fewer tools to see who was logging in or what they were doing.
Borges said he saw DOGE personnel appear to give themselves authorization to build this copy despite earlier court orders limiting access, and he warned superiors that the agency might one day be forced to reissue every Social Security number.
What kind of information may be exposed
The dataset at issue is not just a list of numbers. A Washington Post ruling summary describes how DOGE team members were given access to databases containing Social Security numbers, medical and mental health records, bank and credit card information, tax details, work histories, and home addresses for millions of Americans.
A MarketWatch summary shared by reporter Angela Moore adds that the records tied to those numbers also include names, places and dates of birth, citizenship, race and ethnicity, phone numbers, and even parents’ names and Social Security numbers.
When you combine all of that, you get something close to a master key for many parts of a person’s financial life and government benefits.
Security experts worry about this kind of trove because, unlike a credit card, you cannot easily swap out your date of birth or family ties. Once such a detailed profile is widely copied, criminals can potentially open accounts, hijack benefits, or file fake tax returns for years.
Borges has warned that the same information could “perpetuate fraud against every single government system in existence” if it falls into the wrong hands.
Government response and growing political fallout
Social Security officials have pushed back on the most dire version of this story.
In a letter to Senator Michael Crapo last year, Commissioner Frank Bisignano said an internal review found that the core Numident database containing Americans’ Social Security numbers remained secure and had not been hacked, leaked, or accessed in an unauthorized way, contradicting Borges’s allegations about a wholly unprotected copy.
Later court filings have complicated that reassurance. A filing summarized on Representative John Larson’s website states that DOGE workers used the third party service Cloudflare in March 2025 in a way that violated Social Security’s own security policies, and that DOGE employees attempted to pass sensitive personal records to an outside advocacy group seeking to overturn election results.
The same filing says confidential information on about one thousand Americans was sent to Elon Musk’s team, and that the agency still does not know exactly what data reached Cloudflare or whether it remains on that server.
The Department of Justice has since admitted in another case that earlier statements to the courts about DOGE’s access were inaccurate.
A press release from the American Federation of State, County and Municipal Employees describes how Justice Department filings acknowledged that individuals’ personal data had been disclosed to third parties using a non-government server, and that DOGE operatives entered Social Security systems without proper authority, bypassing safeguards and putting bank accounts, health records, wage histories, and immigration status at risk.
What this could mean for ordinary Americans
In its whistleblower release, the Government Accountability Project warns that if bad actors ever gain full access to the copied Social Security environment, Americans could face widespread identity theft, sudden loss of health or food benefits, and the possibility that the government would need to issue new Social Security numbers to everyone.
For most people, that sounds far more disruptive than updating a credit card after a store breach.
Members of Congress and advocacy groups are now pressing for accountability. Larson and Representative Richard Neal have called for a criminal investigation into DOGE appointees, while AARP’s advocacy chief Nancy LeaMond says anyone involved must be held accountable and that Social Security has to make sure “nothing like this can happen again.”
At the end of the day, they are asking the same question many people are quietly wondering at their kitchen tables right now, which is whether the government can still be trusted to guard the data it demands from citizens.
For now, there is no public evidence that this particular cache has been used in large-scale fraud, and the legal fights over DOGE and Social Security’s systems are still unfolding.
Consumer advocates generally urge people to keep an eye on their credit reports, consider a credit freeze, monitor online Social Security statements, and treat any unexpected call or email that mentions their Social Security number with deep skepticism.
