The Social Security Administration's inspector general is investigating a whistleblower complaint alleging that a former U.S. DOGE Service software engineer exfiltrated two of the federal government's most sensitive citizen databases and planned to share them with a private employer. The databases, Numident and the Master Death File, contain records for more than 500 million living and dead Americans, including Social Security numbers, dates and places of birth, citizenship status, race, and ethnicity. If confirmed, this would constitute the largest insider data theft of federal PII in U.S. history. The inspector general has alerted Congress and referred the matter to the Government Accountability Office, which is conducting a parallel audit of DOGE's data access.
What Happened
According to a complaint reviewed by the Washington Post, a former DOGE software engineer who worked at the SSA before transitioning to a government contractor role in October 2025 allegedly told multiple coworkers that he had taken two restricted SSA databases with him and had at least one stored on a thumb drive. He reportedly stated he intended to share the data with his new private employer.
The SSA's acting inspector general has formally notified senior members of four congressional committees of the investigation and separately alerted the GAO, which has been conducting an independent audit of how DOGE personnel accessed federal agency data systems. The whistleblower, who filed the complaint anonymously due to fear of retaliation, was interviewed by the Washington Post, which reviewed the underlying complaint document.
Charles Borges, the SSA's former chief data officer, had previously raised concerns that DOGE staffers were bypassing established safeguards governing access to Social Security data, concerns that now appear directly relevant to this investigation. DOGE staff reportedly gained access to sensitive SSA systems last year as part of a broader push to access federal data infrastructure across multiple agencies.
What Was Taken
The alleged exfiltration centers on two of the most sensitive federal databases in existence:
- Numident (Numerical Identification System): The SSA's master registry of all Social Security number holders. Contains full legal names, Social Security numbers, dates and places of birth, citizenship status, race, and ethnicity for every person ever issued an SSN, with records spanning more than 500 million living and dead Americans
- Master Death File: The SSA's authoritative death record database, used by financial institutions, federal agencies, and healthcare systems nationwide to verify deceased status and prevent fraud
Together, these databases represent a near-complete identity dossier on virtually every American who has ever lived. The alleged storage medium, a thumb drive, indicates the data was physically removed from federal custody with no documented chain of custody or authorization.
Why It Matters
This is not a conventional breach. No external threat actor breached a perimeter. No malware was deployed. The alleged vector is insider access granted to a DOGE-affiliated contractor who then allegedly walked out the door with the crown jewels of U.S. federal identity infrastructure on removable media.
The Numident and Master Death File are foundational to virtually every major identity verification system in the United States: Social Security benefits, IRS tax records, federal employment eligibility, healthcare enrollment, financial services KYC, and law enforcement identity checks all depend on the integrity and confidentiality of these records. Unauthorized access to this data by a private employer would enable industrial-scale identity fraud, targeted social engineering, synthetic identity creation, and potentially foreign intelligence exploitation if the data is further transferred.
The broader implication is systemic: if DOGE personnel were able to access and allegedly exfiltrate data of this sensitivity without triggering automated controls, the access governance frameworks protecting federal agency data are functionally broken. This is not an isolated incident; it is a signal about the state of insider threat controls across the entire federal data infrastructure.
The Attack Technique
This is a classic insider threat scenario with a novel institutional dimension:
- Access vector: Legitimate privileged access granted to DOGE-affiliated personnel as part of a government-sanctioned initiative, access that reportedly bypassed standard SSA data governance safeguards
- Exfiltration method: Physical removal via thumb drive, a method that evades network-based DLP controls entirely if endpoint USB restrictions are not enforced
- Persistence: The former employee transitioned to a private government contractor role in October 2025, allegedly retaining the data after separation from the SSA
- Intent: Alleged disclosure to a private employer; the nature and identity of that employer have not been publicly confirmed
- Detection: Whistleblower disclosure, not automated detection, suggesting data loss prevention controls either did not exist, were not enforced, or were bypassed during the DOGE access period
What Organizations Should Do
- Enforce USB and removable media controls on all systems handling sensitive PII: Endpoint DLP must block or alert on unauthorized removable media use; privileged users should face the strictest controls, not exemptions
- Implement data egress monitoring for bulk record access: Any query or export involving millions of records from a sensitive database should trigger automated review; bulk access patterns are detectable if monitoring is in place
- Enforce immediate access revocation at separation: All access credentials, VPN accounts, and data export capabilities must be terminated at the moment of employment separation, not days or weeks later
- Audit all access granted during the DOGE engagement period: Federal agencies and contractors that hosted DOGE personnel should conduct a full access audit: what data was accessed, what was exported, what credentials were provisioned and whether they were fully revoked
- Treat insider threat as a primary risk tier, not an edge case: Perimeter security and threat actor hunting are irrelevant if privileged insiders can walk out with petabyte-scale data on physical media; insider threat programs require behavioral monitoring, need-to-know enforcement, and separation-of-duties controls on the most sensitive datasets
- Establish independent oversight for emergency or special-access data programs: When non-standard personnel (contractors, special program staff, interagency details) are granted access to restricted federal databases, a documented, audited authorization chain with defined data handling rules must exist before access is provisioned, not after
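
To illustrate the bulk-access and separation recommendations above, the following Python applies two review rules to database audit records: cumulative rows per user and dataset in a rolling window, and any access after a recorded separation date. It is an added example written for this page, not code from any agency system; the log format, field names, user and dataset names, dates and threshold are all constructed assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit records (not from any real system); field names are assumptions.
AUDIT_LOG = """\
{"ts": "2024-03-04T09:14:00", "user": "analyst_a", "dataset": "registry_a", "rows": 1200}
{"ts": "2024-03-04T22:05:00", "user": "eng_b", "dataset": "registry_a", "rows": 40000000}
{"ts": "2024-03-05T01:30:00", "user": "eng_b", "dataset": "registry_a", "rows": 35000000}
{"ts": "2024-03-08T10:00:00", "user": "eng_b", "dataset": "registry_b", "rows": 50}
{"ts": "2024-03-08T11:00:00", "user": "analyst_a", "dataset": "registry_b", "rows": 900}
"""
# Constructed HR roster: user -> separation timestamp.
SEPARATIONS = {"eng_b": datetime(2024, 3, 6)}
BULK_ROWS = 50_000_000          # hypothetical review threshold per user and dataset
WINDOW = timedelta(hours=24)    # rolling window for cumulative volume

def parse(log_text):
    """Parse JSON-lines audit text into events sorted by timestamp."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def review(events, separations=SEPARATIONS, bulk_rows=BULK_ROWS, window=WINDOW):
    """Return a list of (rule, user, dataset, timestamp) findings."""
    findings, recent = [], defaultdict(list)
    for e in events:
        key = (e["user"], e["dataset"])
        # Rule 1: any access at or after the recorded separation time.
        left = separations.get(e["user"])
        if left is not None and e["ts"] >= left:
            findings.append(("post_separation_access", *key, e["ts"]))
        # Rule 2: cumulative rows inside the rolling window reach the threshold,
        # which also catches an export split into several smaller queries.
        recent[key] = [p for p in recent[key] if e["ts"] - p["ts"] <= window] + [e]
        if sum(p["rows"] for p in recent[key]) >= bulk_rows:
            findings.append(("bulk_access", *key, e["ts"]))
    return findings

if __name__ == "__main__":
    for finding in review(parse(AUDIT_LOG)):
        print(finding)
```

Neither of the two large queries in the sample crosses the threshold alone; the rolling sum is what flags them, so a per-query limit would have missed the pattern.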