The commissioner of the Social Security Administration (SSA) has said that information in agency databases has not been accessed or leaked after a whistleblower complaint last month alleged security breaches by Department of Government Efficiency (DOGE) officials.
A Sept. 16 letter from Frank Bisignano, commissioner of SSA, to Congress refuted claims made by Chuck Borges, former chief data officer (CDO) at SSA. Borges alleged systemic data security violations, unlimited access to highly sensitive environments, and potential violations of SSA security protocols and federal privacy laws.
Those claims, laid out in a letter to Congress by the Government Accountability Project representing Borges, said that a live copy was made of Americans’ social security data and information associated with the Numerical Identification System (NUMIDENT) within a cloud environment that “circumvents oversight” and “apparently lacks any security oversight from SSA.”
“Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital healthcare and food benefits, and the government may be responsible for re-issuing every American a new Social Security Number at great cost,” officials warned.
Bisignano denied any missteps in protocol or illegal actions taken by SSA or DOGE officials, instead stating that the agency took appropriate measures to address Borges’ complaints and found no wrongdoing.
“I can confirm, based on the agency’s thorough review, that neither the Numident database nor any of its data has been accessed, leaked, hacked, or shared in any unauthorized fashion,” wrote Bisignano.
“SSA continuously monitors its systems for any signs of unauthorized access or data compromise, and we have not detected any such incidents involving the Numident database,” he added.
The commissioner said that the Amazon Web Services cloud environment referenced by Borges is “a secured server in the agency’s cloud infrastructure,” which he said has historically housed that data and falls under SSA’s standard security practices.
Bisignano also addressed Borges’ statements that high information clearances were given to DOGE employees without the proper vetting and experience typically required to receive those approvals.
“All employees are required to go through a vetting process prior to being granted access to SSA information systems,” said Bisignano, adding that DOGE’s access “did not diverge from standard agency processes.”
Borges said that his repeated requests for an investigation into his concerns were not addressed by SSA leadership, which Bisignano countered with claims that the former CDO did not address his concerns with the appropriate agency officials.
DOGE’s access to SSA data has been an ongoing concern since DOGE employees first sought access to SSA’s data in January. While a lawsuit in March temporarily blocked DOGE’s access to sensitive SSA systems, the Supreme Court sided with the Trump administration in June to continue allowing DOGE to access the data of millions of Americans through SSA’s databases.
That access has led to letters from lawmakers voicing concerns about how that data has been handled by DOGE officials, including whether that data has been leaked or securely stored.
Borges resigned after filing his whistleblower complaint and had been working as the SSA CDO since late January.
“Document what you see. Document what you’re asked to do. Keep contemporaneous records. This protects you, but also helps tilt the scales of history so the balance falls on the correct side,” wrote Borges in a LinkedIn post after filing his complaint.