By Alex Moore
While the Department of Government Efficiency, or DOGE, has retreated from the news over the last several months, the new federal agency designed to cut down on fraud, waste, and abuse across the government has continued to make waves at the Social Security Administration (SSA).
The SSA’s former chief data officer, Charles Borges, submitted a disclosure in August that accused DOGE officials embedded in the SSA of uploading data on more than 300 million beneficiaries to an unsecure cloud account. According to the complaint, after courts filed a temporary restraining order to limit DOGE’s access to SSA data, a group of DOGE officials created a copy of an SSA dataset that contains all information submitted for Americans’ Social Security card applications. No breach of the data has been reported at this time.
To be specific, the disclosure claims that DOGE officials transferred the data to what’s called a test environment, which is basically a system designed to let developers practice working on a dataset. Test environments often do not use real data because they are more vulnerable to cyberattack, instead practicing on generic data designed to simulate the original. According to the complaint, the reason DOGE officials provided for setting up the test environment was to improve the way the SSA exchanges data with other agencies.
After submitting his complaint on DOGE’s practices, Borges resigned from the SSA, alleging that he faced retaliation for speaking out. “After reporting internally to management and externally to regulators, serious data and security and integrity concerns impacting our citizens’ most sensitive personal data, I have suffered exclusion, isolation, internal strife, and a culture of fear, creating a hostile work environment and making work conditions intolerable,” he said in his resignation letter to SSA commissioner Frank Bisignano.
Since then, it has been unclear how the SSA has responded internally to the whistleblower complaint. Few additional details on the truth and severity of the accusations have emerged. However, two things seem clear. First, DOGE remains active at the SSA. And second, it is focused on improving how the SSA shares data with other agencies. That certainly sounds like a worthwhile improvement, but it will be key to prioritize data security while that remains a work in progress.