By Alex Moore
Last year, the Social Security Administration’s (SSA’s) Chief Data Officer (CDO) resigned after filing a whistleblower complaint alleging that employees from DOGE, the now-defunct Department of Government Efficiency, had uploaded data on more than 300 million beneficiaries to an unsecure cloud account. The agency’s internal response was unclear at the time, but now the SSA has come forward with the news that DOGE employees did, in fact, share Social Security data they should not have.
What Data Did the Employees Actually Share?
According to court documents, last March, members of DOGE’s team embedded at the SSA shared data through the third-party server Cloudflare, which is not approved for storing SSA data and outside the agency’s security protocols. So far, SSA has not been able to determine exactly what data the employees uploaded or whether the data still exists on the server since Cloudflare is a third-party system.
However, that’s not the only concerning action. Also, last March, a DOGE-affiliated employee at the SSA sent an encrypted and password-protected file to a senior advisor at DOGE’s central office, plus a DOGE-affiliated employee at the Department of Homeland Security (DHS). Although SSA has yet to access the file to see exactly what it contained, the agency believes the file contained personal identifying information (PII) taken from Social Security’s internal systems, of more than 1,000 people based on the text of the email.
What’s more, a DOGE staffer made an agreement to analyze Social Security data for an outside advocacy group in his capacity as a government employee. When contacted by a political advocacy group seeking to analyze voter rolls and find evidence of voter fraud to overturn election results in certain states, the employee signed a Voter Data Agreement that was not reviewed by the agency’s data exchange procedures. The Department of Justice has issued Hatch Act referrals for both contacted employees. The Hatch Act prohibits federal employees from engaging in partisan political activities while on the job.
Should Senior Citizens Be Concerned?
In a word, yes. We still don’t know exactly what data was shared, and in some cases, with whom. At TSCL, we call for the SSA to prioritize its investigation into this matter, to recover the data, and ensure all mishandled files are deleted or erased from external devices and servers.
Until this happens, there’s a very real risk that someone who shouldn’t have access to sensitive Social Security data. We all know the risks of having your data compromised, so SSA and DOJ should prosecute anyone who doesn’t take that data’s care seriously to the fullest extent of the law possible.