Trump administration admits DOGE accessed personal Social Security data
The Trump administration has acknowledged for the first time in a court filing that members of the U.S. DOGE Service accessed and shared sensitive Social Security data without the awareness of agency officials.
The admission comes months after a whistleblower raised concerns that members of DOGE - the government cost-cutting operation founded by Elon Musk - had obtained one of the government’s most protected databases, risking the security of hundreds of millions of Americans’ private Social Security information. The agency had previously denied the whistleblower’s allegations.
But the Justice Department submitted a court filing Friday in an ongoing case saying that the Social Security Administration had discovered a secret agreement between a DOGE employee and an unidentified political advocacy group. The agreement called for sharing Social Security data with the aim of overturning election results in certain states, according to the filing.
Social Security said it was not previously aware of the agreement and that it has made referrals for potential Hatch Act violations to the Office of Special Counsel, which investigates violations of the law barring political activity in the civilian workforce. The agency learned of the agreement in November, according to the court filing, but had “not yet seen evidence that SSA data were shared with the advocacy group.”
The agency also acknowledged for the first time that DOGE members had shared data with each other using an unsanctioned third-party service that Social Security officials have been unable to access.
The disclosures amount to a notable reversal by Social Security officials, who had previously claimed there was no evidence that DOGE had potentially compromised personal data. In August, after former chief data officer Charles Borges told Congress and others that DOGE was storing Americans’ data in an unsafe environment, the agency told The Washington Post it was “not aware of any compromise to this environment” and remains “dedicated to protecting sensitive personal data.”
Privacy experts said the details in the new court filing raise serious concerns about the DOGE members’ compliance with the Privacy Act, which says federal employees can only access data that they need to carry out their jobs.
“I’m flabbergasted,” University of Virginia privacy law expert Danielle Citron said. “If that information is shared willingly and knowingly and they are sharing without the reason they collected it, it’s a violation of the Privacy Act.”
Experts said they would not be surprised to see a civil lawsuit stemming from the new admission.
“These are very serious allegations,” said John Davisson, deputy director of the Electronic Privacy Information Center, which has previously sued the administration over other data breach concerns. “In another administration, this would have prompted at least a DOJ investigation.”
Davisson said it is hard to believe that agency officials were unaware that data were being shared outside official channels, given the existing protections within government, although he noted the agency was in turmoil last year.
DOGE, Musk’s attempt at cutting government spending, had disseminated across government at the start of the Trump administration, especially taking hold at Social Security, where the billionaire promised to root out massive fraud. In reality, DOGE did not identify any widespread waste, fraud or abuse within the retirement and disability programs that SSA administers.
The new disclosures came in response to a lawsuit brought by unions and an advocacy group in February attempting to block DOGE from accessing SSA data. A judge had temporarily barred DOGE from accessing sensitive data at the agency, saying that DOGE “essentially engaged in a fishing expedition at SSA, in search of a fraud epidemic, based on little more than suspicion.” The Supreme Court later lifted that injunction.
In the latest court filing, SSA said DOGE employees were still able to access Americans’ data while the restraining order was in effect.
The filing also shares new details about how DOGE members shared data with each other without the agency’s awareness.
In early March, a DOGE staffer at SSA had sent an email to others at DOGE with an encrypted and password-protected file with what appears to be personal information for about 1,000 people, the court filing said. However, the SSA’s chief information office has not been able to access the file to figure out what it contained.
The agency also acknowledged for the first time that DOGE members were using links to share data through a third-party server called Cloudflare, which is not approved for sharing Social Security data. SSA said it was unaware of the sharing until recently and doesn’t know what was shared.
“Because Cloudflare is a third-party entity, SSA has not been able to determine exactly what data were shared to Cloudflare or whether the data still exist on the server,” Justice Department lawyers wrote.
Borges had said in his whistleblower disclosure that DOGE employees were using the Cloudflare service. The court filing does not reference Borges’s disclosure.
“Having admitted what Mr. Borges has said all along, the Social Security Administration must take appropriate action to protect Americans’ data, and Mr. Borges must get justice for the violation of his rights,” Borges’s attorney Debra Katz said in a statement Tuesday.