A whistleblower’s complaint filed with the Social Security Administration’s Inspector General claims a former DOGE software engineer copied two restricted federal databases—containing records on nearly every living American—onto a personal thumb drive and planned to share the data with a private employer. The SSA’s watchdog confirmed it is investigating. Congress opened parallel inquiries.
This is not the first time DOGE’s data practices triggered federal scrutiny. It is, however, the most explicit allegation yet that government data ended up walking out the door.
What the Whistleblower Alleges
The Washington Post broke the story on March 10, 2026, detailing an anonymous complaint reviewed by the SSA Inspector General.[1] According to the complaint, a former DOGE software engineer—who had worked at SSA before joining as a government contractor in October—told colleagues at a January event that he had retained copies of two tightly restricted agency databases:
- NUMIDENT (Numerical Identification System): Contains Social Security numbers, dates of birth, place of birth, and parents’ names for nearly every living American
- Death Master File: Records for individuals reported as deceased, used widely for fraud prevention and government benefit eligibility
The engineer allegedly claimed to have maintained “God-level access” to SSA systems even after departing the agency. When a colleague declined to help transfer data from the thumb drive to a personal computer—citing legal concerns—the staffer reportedly stated he expected a presidential pardon if his actions were found to be illegal.[2]
The SSA, the former employee, and associated companies have denied the allegations. SSA stated publicly it could not verify the claims. TechCrunch and Inc. both noted the allegations come from a single anonymous source, a caveat worth keeping in mind.[3]
The SSA’s OIG notified congressional committee leaders on March 6 that it is reviewing “an anonymous complaint on matters relating to the potential misuse of SSA data by a former DOGE employee, among other allegations.”[4]
This Isn’t the First SSA Incident
The March 2026 allegations don’t exist in isolation. They follow a documented pattern of DOGE data mishandling at SSA that the Trump administration itself has partially confirmed.
In January 2026, the DOJ acknowledged that DOGE employees had improperly accessed and shared sensitive SSA data.[5] SSA chief data officer Chuck Borges—himself a whistleblower—outlined three specific failures: DOGE employees had inappropriate access to SSA data, they violated a temporary restraining order, and they uploaded sensitive data to a Cloudflare server outside SSA’s approved security protocols.[6] Because Cloudflare is a third-party service, SSA stated it cannot determine exactly what data was shared or whether it still exists on the server.
Earlier, in March 2025, DOGE team members used Cloudflare links to transfer data between March 7 and March 17—a period when federal court orders were already in motion challenging DOGE’s access rights.[7]
Two SSA DOGE employees were also referred to the Office of Special Counsel in late December 2025 for potential Hatch Act violations.[8] According to court filings, these employees secretly communicated with a political advocacy group that had acquired state voter rolls and sought SSA’s help matching that data to find “evidence of voter fraud” and “overturn election results in certain states.” One employee signed a “Voter Data Agreement” in his capacity as an SSA employee. SSA has not confirmed whether SSA data was actually shared with the group.
| Incident | Date | Data Involved | Status |
|---|---|---|---|
| DOGE employees share PII via encrypted email | Early 2025 | 1,000 individuals’ PII | Confirmed by DOJ |
| Data uploaded to Cloudflare (unapproved server) | Mar 7–17, 2025 | Unknown scope | Confirmed; full extent unknown |
| Voter roll matching request with political group | Mar 2025 | SSA records vs. voter rolls | Investigated; data sharing unconfirmed |
| Hatch Act referrals to OSC | Dec 2025 | N/A (conduct) | Referred |
| Thumb drive/NUMIDENT whistleblower allegation | Mar 2026 | NUMIDENT + Death Master File | Under OIG investigation |
The Broader Architecture: DOGE’s Data Consolidation Push
To understand why a single rogue actor with a thumb drive is possible, you have to understand the access structure DOGE created.
A Brookings Institution analysis described DOGE’s stated ambition as building “one big, beautiful database”—a centralized federal data repository drawing from systems currently siloed across agencies.[9] According to reporting by the Washington Post and NPR, DOGE sought and obtained access to data at: the Treasury Department (Social Security numbers, tax returns, home addresses, birth dates); the Office of Personnel Management (background checks, medical records, biometric data); SSA; the Department of Education; the Department of Labor; and the Department of Health and Human Services.[10]
Some DOGE personnel were granted “edit access”—not just read access—to critical databases. This distinction matters enormously. Read access means viewing records. Edit access means altering or erasing them.
A Senate Homeland Security and Governmental Affairs Committee report found that DOGE “continues to operate unchecked, likely violating federal privacy and security laws.”[11] The ACLU filed formal document requests demanding SSA produce records on DOGE’s data access.[12] Harvard’s Ash Center published a public explainer on what DOGE’s access means for ordinary Americans.[13]
The Civil Rights Leadership Conference documented in March 2025 that DOGE’s actions appear to violate the Privacy Act of 1974—a law enacted specifically in the aftermath of Watergate and COINTELPRO to prevent government data aggregation from being weaponized against citizens.[14]
Why the Legal Framework Is Struggling
The Privacy Act of 1974 and the E-Government Act of 2002 both establish guardrails on how agencies collect, share, and use personal data. The Privacy Act requires purpose limitation—data collected for one stated purpose cannot be repurposed without notice and consent. DOGE’s cross-agency data pooling, by design, violates this principle.
The Hatch Act prohibits federal employees from using government positions for partisan political activity. The voter roll matching request—if it had proceeded—would have weaponized Social Security data for election challenges, a textbook Hatch Act violation.
Courts have intervened repeatedly. Federal judges moved to revoke DOGE’s access at the Treasury Department, OPM, and the Department of Education.[15] The Supreme Court, however, ultimately allowed DOGE to retain access to Social Security records, a ruling that significantly constrained judicial remedies.[16]
What Practitioners and Policymakers Should Watch
The NUMIDENT database is particularly sensitive because it functions as a foundational identity document for essentially every American. Unauthorized possession of this data creates significant identity fraud risk at scale—the kind of dataset that fuels synthetic identity fraud, account takeover, and targeted social engineering. The Death Master File compounds this because it contains exactly the type of records identity fraudsters exploit: deceased individuals’ credentials have historically been used to open fraudulent accounts before the deaths propagate through credit systems.
Rep. Robert Garcia (House Oversight) has expanded the investigation following the latest whistleblower allegations.[17] Rep. James Walkinshaw formally demanded accountability.[18] Sen. Gary Peters called for an independent investigation, noting DOGE appears to be operating outside established federal cybersecurity and privacy law.[19]
The IRS CEO largely deflected questions about data-sharing between IRS and SSA at a March 2026 congressional hearing, according to Nextgov/FCW.[20] That deflection, in context, is its own signal about how opaque the full scope of DOGE’s data access remains.
For organizations that interact with government systems—contractors, healthcare providers, financial institutions—the lesson is structural: when a government initiative can access systems across agencies without standard credentialing, auditing, and access revocation processes, the insider threat model breaks down entirely. The whistleblower scenario isn’t a bug in this architecture. It’s a predictable outcome of it.
Frequently Asked Questions
Q: What is the NUMIDENT database and why does it matter? A: NUMIDENT (Numerical Identification System) is the SSA’s core identity database, containing Social Security numbers, dates and places of birth, and parents’ names for virtually every living American. Unauthorized possession of this data creates nation-scale identity fraud risk.
Q: Has DOGE’s access to Social Security data been confirmed as illegal? A: Multiple incidents have been confirmed as improper by the DOJ and SSA itself—including sharing PII via unapproved channels and uploading data to third-party servers outside SSA’s security protocols. The thumb drive allegation from the March 2026 whistleblower remains under active OIG investigation and has not been independently verified.
Q: What laws govern how DOGE can access federal data? A: The Privacy Act of 1974 requires purpose limitation and prevents unauthorized data sharing across agencies. The E-Government Act of 2002 establishes security requirements for government systems. The Hatch Act prohibits using government positions for partisan political activity. DOGE’s reported actions have raised credible concerns under all three.
Q: Can courts stop DOGE’s data access? A: Federal courts have revoked some specific access—at Treasury, OPM, and Education—but the Supreme Court allowed DOGE to retain access to Social Security records, which significantly limits judicial remedies for the SSA-specific concerns.
Q: What should I do if I’m concerned about my own data? A: At time of writing, there is no government notification process for individuals affected by DOGE’s data access. AARP has called for accountability and notification processes.[21] Monitoring your credit reports and Social Security statement for anomalies is a practical precaution given the documented uncertainty about what data was accessed and where it went.
Footnotes
1. Washington Post. “DOGE member took Social Security data on a thumb drive, whistleblower alleges.” March 10, 2026. https://www.washingtonpost.com/politics/2026/03/10/social-security-data-breach-doge-2/
2. Inc. “‘Worst-Case Scenario’: Ex-DOGE Engineer With ‘God-Level Access’ Accused of Taking Social Security Data on 500 Million Americans.” March 2026. https://www.inc.com/leila-sheridan/ex-doge-engineer-god-level-access-social-security-breach/91315780
3. TechCrunch. “DOGE employee stole Social Security data and put it on a thumb drive, report says.” March 10, 2026. https://techcrunch.com/2026/03/10/doge-employee-stole-social-security-data-and-put-it-on-a-thumb-drive-report-says/
4. NPR. “The government is investigating new claims that DOGE misused Social Security data.” March 11, 2026. https://www.npr.org/2026/03/11/nx-s1-5745153/doge-social-security-data-whistleblower-investigation
5. NPR. “How DOGE improperly accessed and shared Social Security data.” January 23, 2026. https://www.npr.org/2026/01/23/nx-s1-5684185/doge-data-social-security-privacy
6. PBS NewsHour. “Whistleblower responds after DOJ confirms DOGE mishandled Social Security data.” 2026. https://www.pbs.org/newshour/show/whistleblower-responds-after-doj-confirms-doge-mishandled-social-security-data
7. FedScoop. “DOGE likely violated order on Social Security data, court filing shows.” 2025. https://fedscoop.com/doge-access-social-security-data-court-filing/
8. Nextgov/FCW. “DOGE officials face Hatch Act referrals for work with org aiming to ‘overturn election results’.” January 2026. https://www.nextgov.com/digital-government/2026/01/doge-officials-face-hatch-act-referrals-work-org-aiming-overturn-election-results/410805/
9. Brookings Institution. “Privacy under siege: DOGE’s one big, beautiful database.” 2025. https://www.brookings.edu/articles/privacy-under-siege-doges-one-big-beautiful-database/
10. Washington Post. “DOGE aims to pool federal data, putting personal information at risk.” May 7, 2025. https://www.washingtonpost.com/business/2025/05/07/doge-government-data-immigration-social-security/
11. Senate HSGAC. “Peters Report Finds that DOGE Continues to Operate Unchecked.” 2026. https://www.hsgac.senate.gov/media/dems/peters-report-finds-that-doge-continues-to-operate-unchecked-likely-violating-federal-privacy-and-security-laws-and-putting-the-safety-of-americans-personal-information-in-danger/
12. ACLU. “ACLU Demands Social Security Administration Turn Over Docs on DOGE’s Access to Americans’ Data.” 2025. https://www.aclu.org/press-releases/aclu-demands-social-security-administration-turn-over-docs-on-doges-access-to-americans-data
13. Harvard Ash Center. “Understanding DOGE and Your Data.” 2025. https://ash.harvard.edu/resources/understanding-doge-and-your-data/
14. The Leadership Conference on Civil and Human Rights. “DOGE and Government Data Privacy.” March 2025. https://civilrights.org/2025/03/20/doge-government-data-privacy/
15. TechPolicy.Press. “DOGE’s Plundering of Data Hastens Calls to Tighten Government Privacy Laws.” 2025. https://www.techpolicy.press/doges-plundering-of-data-hastens-calls-to-tighten-government-privacy-laws/
16. FedScoop. “Supreme Court allows DOGE to access Social Security records.” 2025. https://fedscoop.com/supreme-court-allows-doge-to-access-social-security-records/
17. House Committee on Oversight. “Ranking Member Robert Garcia Expands DOGE Social Security Data Leak Investigation.” 2026. https://oversightdemocrats.house.gov/news/press-releases/ranking-member-robert-garcia-expands-doge-social-security-data-leak-investigation-following-explosive-new-whistleblower-allegations
18. Rep. James Walkinshaw. “Walkinshaw Demands Accountability in Explosive DOGE Social Security Breach Allegations.” 2026. https://walkinshaw.house.gov/news/documentsingle.aspx?DocumentID=390
19. Senate HSGAC. “Peters Calls for Independent Investigation into DOGE Activities at SSA.” 2026. https://www.hsgac.senate.gov/media/dems/peters-calls-for-independent-investigation-into-doge-activities-at-ssa-after-new-disclosures-reveal-legal-and-data-security-violations/
20. Nextgov/FCW. “IRS CEO largely dodges questions about data sharing at IRS, SSA.” March 2026. https://www.nextgov.com/digital-government/2026/03/irs-ceo-largely-dodges-questions-about-data-sharing-irs-ssa/411893/
21. The Hill. “AARP calls for accountability over DOGE sharing Social Security data.” 2026. https://thehill.com/homenews/administration/5699159-aarp-demands-doge-accountability/