A senior employee of the Social Security Administration has been converted to complainants reports that members of the Trump administration’s government efficiency (Doge) uploaded hundreds of millions of social security records to a vulnerable cloud server, putting the personal information of most of them.
Charles Borges, head of the Social Security Service Data, told A recently liberated complaint complaint published on Tuesday That other top officials in the agency signed a decision in June to upload “a living copy of the country’s social security information in a cloud environment that bypasses supervision”, despite borges that are causing concerns.
The database, known as the numerical identification system, contains more than 450 million records containing all the elements submitted as part of a social security application, including the name of the applicant, the place of birth, the citizenship and the social security number of their family members, and other family members.
Borges said Doge members, the team of former Elon Musk officials appointed to the government on the pretext of reducing fraud and waste, copy the sensitive database to an Amazon hosted organization, “obviously lacking independent security controls”.
The lack of security protection violated internal service security checks and federal privacy laws, according to the complaint.
Borges said by allowing Doge to be managers of the organization’s cloud, Doge workers will be able to create “public accessible services”, which means they could allow public access to the Cloud system and any of the sensitive data stored in.
Borges warned in the complaint that if this information was at stake, “the sensitive is likely to [personally identifiable information] In each American, including health diagnoses, income levels and bank information, family relationships and personal biographical data could be publicly exposed and widely shared. ”
The complaint stated that any compromise or unauthorized access to the database would have a “devastating impact” on the US Social Security Program, describing a worse case scenario as it may repeat the social security numbers of all.
While a federal retention order in March initially prevented Doge officials from accessing the country’s database of the country of social security archives, the Supreme Court raised the order on June 6, paving the way for Doge access.
In the days that followed, Doge allegedly worked to seek internal approvals from the body’s top brass, per Borges complaint.
Aram Moghaddassi’s head of information has approved the movement to copy the database to the cloud of the organization, saying that “it has determined that the need for businesses is higher than the risk of security” and that it accepts “all dangers” with the project. The complaint also says that Michael Russo, a Doge senior official, who previously served as head of the organization’s service before Moghaddassi, but remains in the organization, also approved by moving live social security data in the cloud.
Borges said he raised first issues internally to the organization, but later broke the whistle to encourage Congress members to “deal with immediate supervision to deal with these serious concerns,” according to a statement From his lawyer, Andrea Meza, to the Government Program.
This is the latest category for bad practices in cyberspace by the administration and its representatives, including Doge, since President Trump assumed duties earlier in January. Since January, Doge members have received a sweeping check of most US federal departments and citizens’ data sets.
When TechCrunch arrived, Elizabeth Huston, a White House spokesman, would not say whether the administration was aware of the complaint and deferred comments to the Social Security Administration.
In a response by e -mail, Nick Perrine’s Social Security Representative said the organization “stores personal data in safe environments that have strong safeguards to protect vital information”.
“The data mentioned in the complaint are stored in a long -term environment used by SSA and is described by the Internet.
The spokesman said the organization “knew no compromise in this environment”.
Data violations including the federal government data stored in the cloud are rare but not unheard of. In 2023, TechCrunch said the US Department of Defense was publicly exposed thousands of sensitive military emails online due to security. While e -mail was stored in Microsoft Azure’s separate cloud dedicated to government clients, a misconception allowed the content of the e -mail of a military unit to leak publicly.
Correction: A previous edition of this story rushed to be hosted where the exposed Dod’s exposed email was hosted. The story now accurately reflects that the exposed data was hosted at Microsoft’s Azure.
