Former DOGE Employee Accused of Social Security Data Theft Affecting 500 Million Americans
Published
Key Takeaways
- Whistleblower allegation: A former DOGE software engineer stole databases containing personal information for over 500 million Americans from the Social Security Administration.
- Database exfiltration: The suspect reportedly downloadedthe highly restricted databases onto a physical thumb drive to use at a new job.
- Security vulnerabilities: This potential Social Security data breach exposes severe flaws in data security and highlights significant internal cybersecurity risks related to access management.
A massive alleged DOGE data theft is under investigation following a recent whistleblower complaint alleging that a former software engineer at the company exfiltrated highly sensitive records from the U.S. Social Security Administration (SSA). The individual reportedly transferred two critical databases, the "Numident" and the "Master Death File", onto a portable thumb drive before leaving for a private-sector contractor.
Massive Scope of the Compromised Records
The former Department of Government Efficiency (DOGE) employee reportedly claimed to possess unrestricted administrative access to the SSA's infrastructure, as reported by The Washington Post.
If verified, this DOGE data breach represents a catastrophic compromise of civilian information. The allegedly exfiltrated databases may contain granular records for approximately 500 million living and deceased Americans:
- Social Security numbers,
- places and dates of birth,
- citizenship,
- race and ethnicity,
- parents’ names.
While a spokesperson for the SSA has denied the allegations, saying the Washington Post was “eager to publish fake news to scare seniors,” the inspector general's office is currently reviewing the whistleblower's claims.
Insider Threat Risks
Providing broad, unrestricted system access to temporary personnel or contractors significantly increases the insider threat risk, as it allows the transfer of classified, high-volume databases to unmonitored physical storage devices.
Politico reported in January that two DOGE members were suspected of gaining unauthorized access to Social Security numbers they may have shared with an advocacy group.
Reports in March 2025 revealed that a DOGE employee sent unencrypted personal data over email, breaching U.S. Treasury policies, a month after the company was accused of accessing citizen financial information.
In December, a former Coinbase support agent was arrested in India over an insider data breach, and one month earlier, CrowdStrike confirmed an insider threat incident linked to Scattered Lapsus$ Hunters and fired an employee amid data leak claims.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular