The Social Security Administration's chief data officer just went public with explosive allegations that could represent the largest government data breach in U.S. history. Charles Borges claims the Department of Government Efficiency uploaded a live copy of 450 million Social Security records to an inadequately secured cloud server, potentially exposing every American's most sensitive personal data.
The bombshell dropped Tuesday afternoon when Charles Borges, the Social Security Administration's chief data officer, filed a whistleblower complaint that reads like a cybersecurity nightmare. According to Borges, members of the Trump administration's Department of Government Efficiency uploaded the crown jewel of American personal data — the entire Social Security database — to what he describes as a vulnerable Amazon cloud server lacking proper security controls.
The database in question, known as the Numerical Identification System, contains more than 450 million records with some of the most sensitive personal information imaginable: Social Security numbers, family member data, health diagnoses, income levels, banking information, citizenship status, and biographical details for virtually every American. "If this information were compromised, it is possible that the sensitive [personally identifiable information] on every American could be exposed publicly, and shared widely," Borges warned in his complaint.
The controversy traces back to a legal battle that unfolded earlier this year. A federal restraining order initially blocked DOGE staffers from accessing the Social Security database in March, but the Supreme Court lifted that order on June 6, clearing the path for what Borges alleges became a reckless data migration.
Within days of gaining legal access, DOGE operatives — described by Borges as former Elon Musk employees appointed to reduce government fraud and waste — began working to secure internal approvals for the controversial cloud upload. The agency's chief information officer Aram Moghaddassi ultimately signed off, stating he "determined the business need is higher than the security risk" and accepting "all risks" with the project, according to the complaint.
What makes this particularly alarming is the level of access DOGE operatives allegedly obtained. Borges claims they were given administrator privileges to the agency's cloud environment, potentially allowing them to create "publicly accessible services." Translation: they could theoretically expose the cloud system and its treasure trove of sensitive data to the public internet.
