Data Security

Inside the SSA Probe: What a Thumb Drive Could Mean for 300 Million Americans

NH
NoHackie
March 18, 2026 9 min read

A whistleblower complaint and two separate government investigations have converged on a single alarming allegation: that a former Department of Government Efficiency software engineer may have walked out of the Social Security Administration with a personal copy of databases containing records on nearly every living American.

On March 6, 2026, the Social Security Administration's Office of the Inspector General (OIG) sent a formal notification to the leadership of several House and Senate committees, stating it had opened a review of an anonymous complaint describing "the potential misuse of SSA data by a former DOGE employee, among other allegations," according to a copy of the letter obtained by NPR. Days later, congressional Democrats announced they were independently expanding their own probe after receiving separate whistleblower information pointing to the same underlying concern. What makes this moment different from the months of prior controversy surrounding DOGE and Social Security data is the specificity of the new allegation: a former DOGE software engineer allegedly told co-workers that he possessed two of the agency's tightly restricted databases and had at least one of them stored on a thumb drive he intended to share with a new employer.

The OIG Probe and What Triggered It

The Washington Post first reported on March 10, 2026, that the allegation centered on a former DOGE software engineer who had been embedded at the SSA. According to that reporting, the individual claimed to co-workers to have retained copies of two restricted databases — NUMIDENT and the Death Master File — and to have had at least one dataset on a removable drive intended for his next employer. Neither the engineer nor the company were named in the reporting.

The SSA disputed the claims in a statement provided to NPR: "The allegations by a singular anonymous source have been strongly refuted by all named parties — SSA, the former employee, and the company. Even the Washington Post admitted they could not verify the information — because it is not true." The agency added that its focus remained on "continuing our digital-first transformation to deliver better, faster service for every American."

Despite those denials, the OIG's decision to formally open a review — and to notify Congress directly — signals that oversight officials considered the complaint credible enough to warrant independent investigation. Congressional Democrats who received the OIG's notification were unequivocal. Senator Ron Wyden of Oregon, ranking member of the Senate Finance Committee, stated that the allegations describe "one of the largest known data breaches in American history, perpetrated by Trump appointees for the explicit purpose of weaponizing Americans' sensitive personal data for political gain," and called for "a full public accounting of this breach at Social Security, including justice for anyone who committed or enabled criminal theft of Americans' data." Representatives John B. Larson of Connecticut and Richard E. Neal of Massachusetts, members of the House Ways and Means Committee, said the revelations "demand a full investigation with accountability if wrongdoing is confirmed."

Escalation Timeline: DOGE at SSA
JAN 2025 DOGE embeds at SSA MAR 2025 TRO issued; Voter Agmt signed JUN 2025 SCOTUS lifts block; NUMIDENT copied AUG 2025 Borges files whistleblower complaint JAN 2026 DOJ admits violations in court MAR 2026 OIG opens formal probe
Key escalation points in DOGE's engagement with SSA data systems, from initial access in January 2025 through the OIG's formal probe notification on March 6, 2026.

What the Databases Actually Contain

To understand why the latest allegations prompted immediate congressional reaction, it helps to understand exactly what NUMIDENT and the Death Master File are — and why their combined contents represent a uniquely dangerous set of records if removed from government custody.

NUMIDENT, short for Numerical Identification System, is the SSA's master repository for every Social Security number ever issued — covering all applications dating back to 1936. The full database contains applicants' names, Social Security numbers, dates and places of birth, parents' names, phone numbers, addresses, citizenship status, and race and ethnicity. The database holds records on over 548 million Social Security numbers, encompassing both living Americans and the deceased. Charles Borges, who served as SSA's chief data officer before filing his own whistleblower complaint in August 2025 and later resigning, described the agency's systems as housing "the most sensitive data" in the federal government. In his complaint, filed through the Government Accountability Project, he warned that if bad actors obtained access to NUMIDENT data, Americans could face "widespread identity theft," loss of healthcare and food benefits, and the government could be forced to reissue every Social Security number in the country "at great cost."

The Death Master File (DMF) is a subset of NUMIDENT, containing records on individuals whose deaths have been reported to the SSA. The restricted, full-access version of the DMF — available only to certified federal and state agencies — includes state-reported death data alongside SSA records, and is subject to legal safeguards under Section 205(r) of the Social Security Act. Access requires agencies to justify their legal authority and demonstrate that adequate data protection measures are in place. A public, limited-access version exists for financial institutions and healthcare entities, but the full file is explicitly controlled. The combination of NUMIDENT and the Death Master File would give anyone in possession of both datasets a near-complete picture of the identity information of every American, living or dead, who has ever received a Social Security number.

"This is exactly the scenario that kept me up at night. An irrecoverable loss of the entirety of our personal data. Once that data has left the building, you cannot close Pandora's box again." — Charles Borges, former SSA Chief Data Officer, speaking to NPR, March 11, 2026

Borges went further in his remarks to NPR, stating that such a loss would "not be just another data breach, but could represent a structural failure of our identity system," potentially requiring "significant federal action, counterintelligence planning and response, and the consideration of a complete redesign of how identity works in the United States." That is not hyperbole from a disgruntled former employee — it is a precise technical assessment from a data professional who spent eight months watching DOGE officials make decisions about this data with, by his account, no independent security oversight whatsoever.

A Year of Escalating Incidents

The March 2026 OIG probe is not the beginning of this story. It is the latest chapter in a year-long pattern of escalating incidents that the Trump administration initially denied, then minimized, and finally partially admitted to in a January 2026 court filing that was itself described by watchdog groups as a bombshell.

DOGE personnel began accessing SSA systems in early 2025. Lawsuits filed by labor unions in February 2025 led to a temporary restraining order issued by U.S. District Judge Ellen Hollander in Maryland in March 2025, blocking DOGE from accessing personally identifiable information held at SSA. The administration appealed, and in June 2025 the Supreme Court stayed the injunction through its shadow docket, allowing DOGE access to proceed while the case continued in the lower courts.

It was in the weeks immediately following that Supreme Court ruling that Borges says DOGE made its most aggressive move. According to his August 26, 2025, whistleblower disclosure, a former DOGE employee named John Solly requested that SSA copy its entire NUMIDENT database to a private cloud environment within the agency's Amazon Web Services infrastructure — a copy accessible only to DOGE personnel, with no independent audit trail, no verified security controls, and no visibility for anyone outside the DOGE team. Career cybersecurity officials flagged the request as "very high risk." The SSA's acting chief information security officer stated after review that the request "poses a high risk." Despite those warnings, SSA Chief Information Officer Aram Moghaddassi — described in the complaint as a longtime Elon Musk ally — approved the transfer.

Borges filed his formal disclosure through the Government Accountability Project and submitted it to the Office of Special Counsel and congressional committees. Days later, he was forced to resign. In a resignation letter dated August 29, 2025, he told SSA Administrator Frank Bisignano he was "regretfully involuntarily leaving," describing a workplace culture of "panic and dread" where employees feared retaliation for raising concerns. SSA's response to his resignation was a single sentence: "The agency cannot comment on personnel matters."

What Was Admitted in Court

In a January 16, 2026, court filing, the Department of Justice — acting on behalf of SSA — disclosed that the agency had previously misstated the extent of DOGE access to sensitive data. The filing confirmed that DOGE personnel shared SSA data using Cloudflare, a third-party server that was not approved for SSA data and that the agency had not authorized. Because Cloudflare is a commercial third-party platform, SSA stated it could not determine exactly what data was shared or whether it remained on that server. Two DOGE employees also retained data access after a court order had been entered limiting that access. SSA stated it did not discover any of these violations until an internal review conducted "during or after October 2025" — meaning the agency was unaware of the violations while they were occurring and while it was simultaneously making representations to a federal judge.

Joe Spielberger, senior policy counsel at the Project on Government Oversight, acknowledged it was a positive sign that the Trump administration made Hatch Act referrals in December 2025, but noted that the January 2026 corrections filing "goes way beyond potential Hatch Act violations, to say the least," raising questions about whether SSA had misled the court about what officials knew in real time.

Political Dimensions: Voter Rolls and the Hatch Act

The data security concerns have a political dimension that has drawn separate and significant scrutiny. The January 2026 DOJ filing disclosed that in March 2025 — during the period when Judge Hollander's temporary restraining order was in effect — an unnamed political advocacy group contacted two DOGE members embedded at SSA. The group's stated aim, according to the filing, was to "find evidence of voter fraud and to overturn election results in certain States." One of the DOGE employees signed a formal "Voter Data Agreement" in his capacity as an SSA employee and returned it to the group on March 24, 2025. The agreement was not reviewed or approved through SSA's data exchange procedures. SSA only discovered its existence during an unrelated review in November 2025 — the same month DOGE ended its formal operations.

The political advocacy group was not named in the court filing, but the request closely aligned with an open public appeal made in early March 2025 by True the Vote, an election denial organization whose founder, Catherine Engelbrecht, published a post directed at Musk and DOGE's accounts stating that the group had "already aggregated and normalized state voter roll data, cross-referenced against multiple sources," and urged DOGE to combine its federal database access with True the Vote's assembled voter rolls to "identify discrepancies." Democracy Forward, a legal organization representing plaintiffs in the ongoing case, filed Freedom of Information Act requests specifically seeking the Voter Data Agreement and any communications between SSA DOGE staff and True the Vote.

The day after the Voter Data Agreement was signed — March 25, 2025 — President Trump issued an executive order directing the Department of Homeland Security and DOGE to review state voter registration lists and directing SSA to make its databases accessible to election officials for voter roll verification. The timing raised immediate questions about the sequence of events: whether the agreement preceded or shaped the executive order.

SSA made two Hatch Act referrals to the Office of Special Counsel in December 2025, covering the two employees involved in the voter roll communications. The Hatch Act, enacted in 1939, prohibits federal employees from using their government positions for partisan political activity. A finding of a Hatch Act violation could result in removal from federal service, reduction in grade, debarment from federal employment, or civil penalty.

"Every Republican on the Ways and Means Committee must break their silence on what could very well be the largest data breach in our nation's history, and as we have now learned, may have implications for election security." — Representatives John B. Larson and Richard E. Neal, joint statement, January 2026

Antonio Gracias, a private equity investor and Musk ally who worked with DOGE at SSA, separately pushed what investigators described as unsupported claims about noncitizen voting, using data that court records indicate DOGE should not have had access to at the time. The DOJ filing also revealed that a DOGE staffer transmitted an encrypted file — which DHS believed contained the names and addresses of approximately 1,000 individuals drawn from SSA systems — to the Department of Homeland Security. The contents of that file were not fully established in the filing.

Key Takeaways

  1. The OIG probe is formal and congressional: On March 6, 2026, the SSA's inspector general notified leaders of multiple House and Senate committees that it opened a review of a whistleblower complaint specifically involving a former DOGE employee's potential misuse of SSA data. This is not a preliminary inquiry — it is an official, congressionally notified investigation.
  2. The databases in question cover virtually every American: NUMIDENT holds over 548 million Social Security records, including names, SSNs, birth data, parents' names, citizenship and race information, and contact details. The Death Master File provides a corresponding record of reported deaths. Together they constitute a complete national identity dataset.
  3. A pattern of undisclosed violations was admitted in court: In January 2026, the DOJ confirmed that DOGE personnel used an unapproved third-party server (Cloudflare) to share SSA data, retained access after a court order limiting it, signed a voter data agreement with a political advocacy group without agency approval, and sent encrypted SSA-derived data files to DHS. SSA stated it was unaware of these events while they were occurring.
  4. Two Hatch Act referrals are now with the Office of Special Counsel: The political dimension — DOGE employees coordinating with a group aiming to use federal data to contest election results — has moved beyond congressional criticism into formal federal ethics enforcement territory.
  5. The whistleblower who first raised data security concerns paid a direct professional price: Charles Borges, SSA's chief data officer, filed his disclosure in August 2025, described retaliation and a hostile work environment, and was forced out of his position within days. He has since filed a separate complaint alleging that his departure was retaliatory.

The investigation is now in the hands of the SSA's Office of the Inspector General, with parallel scrutiny from Congress. The core question — whether government databases containing the identity information of hundreds of millions of Americans were copied to unauthorized locations, transmitted over unapproved channels, or removed entirely from federal custody on a personal storage device — remains unanswered. What is no longer in question is that the data protection systems designed to prevent exactly this kind of exposure were circumvented, that the circumventions were not disclosed in real time, and that the full scope of what was accessed, shared, or retained is still unknown.

Sources

← all articles