on every American including health diagnoses, income levels and banking information, family relationships, and personal biographic data could be exposed publicly, and shared widely.”
The complaint said any compromise or unauthorized access to the database would have “catastrophic impact” on the U.S. Social Security program, describing a worst-case scenario as potentially having to reissue everyone’s Social Security numbers.
While a federal restraining order in March initially blocked DOGE staffers from accessing the country’s database of Social Security records, the Supreme Court lifted the order on June 6, paving the way for DOGE’s access.
In the days that followed, DOGE allegedly worked to seek internal approvals from the agency’s top brass, per Borges’ complaint.
The agency’s chief information officer Aram Moghaddassi approved the move to copy the database to the agency’s cloud, saying he “determined the business need is higher than the security risk” and that he accepts “all risks” with the project. The complaint also says Michael Russo, a senior DOGE operative who previously served as the agency’s chief information officer prior to Moghaddassi but remains at the agency, also approved moving live Social Security data to the cloud.
Borges said he first raised issues internally at the agency but later blew the whistle to urge members of Congress to “engage in immediate oversight to address these serious concerns,” according to a statement by his attorney, Andrea Meza, at the Government Accountability Project.
This is the latest accusation of poor cybersecurity practices by the administration and its representatives, including DOGE, since President Trump took office earlier in January. Since January, members of DOGE have taken sweeping control of most U.S. federal departments and their datasets of citizens’ data.
When reached by TechCrunch, Elizabeth Huston, a spokesperson for the White House, would not say if the administration was aware of the complaint and deferred comment to the Social Security Administration.
In an emailed response, Social Security Administration spokesperson Nick Perrine said the agency “stores personal data in secure environments that have robust safeguards in place to protect vital information.”
“The data referenced in the complaint is stored in a long-standing environment used by SSA and walled off from the internet. High-level career SSA officials have administrative access to this system with oversight by SSA’s Information Security team,” the spokesperson added.
The spokesperson said the agency was “not aware of any compromise to this environment.”
Data breaches involving federal government data stored in the cloud are rare but not unheard of. In 2023, TechCrunch reported that the U.S. Department of Defense publicly exposed thousands of sensitive military emails online due to a security lapse. While the email data was stored in Microsoft Azure’s separate cloud dedicated for government customers, a misconfiguration allowed the contents of a military unit’s emails to publicly spill online.
Correction: An earlier version of this story misstated where the DOD’s exposed email was hosted. The story now accurately reflects that the exposed data was hosted on Microsoft’s Azure.
