Former DOGE Engineer Accused of Accessing Social Security Databases Containing Records of 500 Million Living and Deceased Individuals

Summarize with:

ChatGPT Claude.ai Google AI Grok Perplexity

Add as preferred source on Google

A massive alleged DOGE data theft is under investigation following a recent whistleblower complaint alleging that a former software engineer at the company exfiltrated highly sensitive records from the U.S. Social Security Administration (SSA). The individual reportedly transferred two critical databases, the "Numident" and the "Master Death File", onto a portable thumb drive before leaving for a private-sector contractor. 

Massive Scope of the Compromised Records

The former Department of Government Efficiency (DOGE) employee reportedly claimed to possess unrestricted administrative access to the SSA's infrastructure, as reported by The Washington Post. 

If verified, this DOGE data breach represents a catastrophic compromise of civilian information. The allegedly exfiltrated datasets may contain records tied to roughly 500 million living and deceased individuals:

• Social Security numbers,
• places and dates of birth, 
• citizenship, 
• race and ethnicity, 
• parents’ names.

While a spokesperson for the SSA has denied the allegations, saying the Washington Post was “eager to publish fake news to scare seniors,” the inspector general's office is currently reviewing the whistleblower's claims. 

Insider Threat Risks

Providing broad, unrestricted system access to temporary personnel or contractors significantly increases the insider threat risk, as it allows the transfer of classified, high-volume databases to unmonitored physical storage devices.

Politico reported in January that two DOGE members were suspected of gaining unauthorized access to Social Security numbers they may have shared with an advocacy group. 

Reports in March 2025 revealed that a DOGE employee sent unencrypted personal data over email, breaching U.S. Treasury policies, a month after the company was accused of accessing citizen financial information.

In December, a former Coinbase support agent was arrested in India over an insider data breach, and one month earlier, CrowdStrike confirmed an insider threat incident linked to Scattered Lapsus$ Hunters and fired an employee amid data leak claims.

Related

ClickUp Hardcoded API Key Exposes Almost 1,000 Customer Emails, Including Government and Corporate Giants

Robinhood Phishing Emails Target Users via Account Creation Flaw

Chinese National Xu Zewei Extradited for HAFNIUM Cyberattacks, Appears in US Court for 9-Count Indictment

LAPSUS$ Claims Vodafone UK Breach in New Alleged Cyberattack

Itron IT Breach: Unauthorized Access Detected on Internal Network

Fake Android Apps Distributing Spyware, Linked to Italian Surveillance Vendor IPS

Your Weekly Cybersecurity Briefing

Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.

Subscribe for Free

Please enter a valid email address.

Most Popular

MeitY Issues Warning to VPN Providers Over Access to Banned Betting Platforms

Proton VPN 2026 Roadmap: Faster Apps, Stronger Privacy, and Easier Control for Users

Russia’s Expanding VPN Restrictions Begin to Affect Core Digital Services

ExpressVPN Revises “Free Forever” Promise for Its Password Manager

NordVPN Faces Fresh Lawsuit in the U.S. Over Subscription Practices

ClickUp Hardcoded API Key Exposes Almost 1,000 Customer Emails, Including Government and Corporate Giants

MeitY Issues Warning to VPN Providers Over Access to Banned Betting Platforms

Proton VPN 2026 Roadmap: Faster Apps, Stronger Privacy, and Easier Control for Users

Russia’s Expanding VPN Restrictions Begin to Affect Core Digital Services

ExpressVPN Revises “Free Forever” Promise for Its Password Manager

NordVPN Faces Fresh Lawsuit in the U.S. Over Subscription Practices

ClickUp Hardcoded API Key Exposes Almost 1,000 Customer Emails, Including Government and Corporate Giants