Whistleblower: DOGE Put Millions of Americans’ Data at Risk

Posted by TIME Staff


The private information of hundreds of millions of Americans is at risk after the Department of Government Efficiency uploaded a copy of a vast Social Security database to a cloud server in June, according to a whistleblower complaint from the chief data officer for the Social Security Administration.

The vulnerable DOGE server contains the information of every American who has applied for a Social Security card, including the applicants’ names, dates of birth, citizenships, ethnicities, phone numbers, addresses, and other personal information, potentially compromising the security of over 300 million Americans, according to the complaint, filed by Charles Borges to the Office of Special Counsel and members of Congress.

“Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital healthcare and food benefits, and the government may be responsible for re-issuing every American new Social Security Number at great cost,” the complaint reads.

What is the database DOGE allegedly copied?

DOGE transferred Social Security information from the Numerical Identification System (NUMIDENT) database to an internal server only DOGE could access, according to the complaint.

NUMIDENT contains all required information on applications for a United States Social Security card. Nearly 550 million Social Security numbers had been issued as of earlier this month.

What potential risks do Americans face?

When asked about Borges’ report that DOGE copied sensitive NUMIDENT data into an unsafe server, the Social Security Administration told TIME in a statement that “Commissioner Bisignano and the Social Security Administration take all whistleblower complaints seriously.” 

It went on to state that “SSA stores all personal data in secure environments that have robust safeguards in place to protect vital information. The data referenced in the complaint is stored in a long-standing environment used by SSA and walled off from the internet. High-level career SSA officials have administrative access to this system with oversight by SSA’s Information Security team. We are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data.”

But the whistleblower report, filed by lawyers at the Government Accountability Project, a whistleblower protection group, highlights concerns over a lack of “independent security controls” for the server, “including independent tracking of who is accessing the data and how they are using it.”

Borges’ claim also stated that “no verified audit or oversight mechanisms existed” for the DOGE server.

“This kind of misuse I have not seen from the federal government,” said Susan Landau, a professor of cybersecurity and policy at Tufts University, calling the alleged move to put such sensitive information at risk a “cowboy act.”

If this information were accessed, scammers could more convincingly extort or deceive individuals, according to Landau.

She explained that if bad actors gained access to an individual’s NUMIDENT information, they could easily find additional sources of personal information and create a holistic profile of the person that could be used to impersonate official entities such as banks, or lure people into Ponzi schemes.

Landau also warned of the potential for harm if nations such as China or Russia were able to access DOGE’s Social Security cloud. 

“I’m appalled,” Landau added. “The federal government, over the last 20 years, has really worked hard to protect this data. Now … what appears to be going on is creating more and more of the data available in one place. And that’s not a good security practice. And to put it on an insecure server is downright crazy.”

Herbert Lin, a fellow in cyber policy and security at Stanford University, expressed concern that access to Social Security data has been expanded to DOGE employees and is no longer limited to federal channels.

“The situation is worse now because more people have potential access to it,” Lin said. “I don’t know who they hire, and if anybody does, let me know. But that’s the issue.”

Lin also sees the question of the legality of DOGE’s ability to interfere with federal agencies as a key issue in the relocation of data that was once solely protected by the Social Security Administration. 

“I mean, the fact that its authority doesn’t come from an act of Congress matters to me,” Lin said. “I think it should matter to anybody.”

How is the government responding?

Borges’ complaint outlines his internal whistleblower activity, saying he disclosed to his superiors that the re-issuance of Social Security Numbers to Americans whose data was leaked was a “worst-case outcome.” Following his various internal complaints, Borges has not received information to “indicate that the cloud environment hosting the American public’s NUMIDENT data is protected by best practice and industry standard independent security controls,” according to the report.

The Office of General Counsel has additionally advised employees not to respond to Borges’ multiple inquiries into the security and risks of the DOGE Social Security server, the complaint alleges.

Borges is expected to meet with an oversight committee and members of Congress to discuss his findings. 

TIME has reached out to DOGE for comment.



Time
