DOJ filing reveals DOGE shared Social Security data to unauthorized server
WASHINGTON — A Department of Government Efficiency employee shared social security data without the knowledge of agency officials and violated security protocols, according to a Tuesday Department of Justice court filing.
The filing, reviewed by CNN, Politico and the New York Times, said the Social Security Administration is still trying to determine what information the employee shared through an unauthorized third-party server.
"Every American ought to be concerned about the fact that they're combing over your personal data and information," Rep. John Larson told the press on Tuesday.
Larson and Ways and Means Committee member Rep. Richard Neal said it could be the largest data breach "in our nation’s history" and called on the DOGE employees to be held accountable.
"We have been warning about privacy violations at Social Security and calling out Elon Musk’s ‘DOGE’ for months," they said in a joint statement. "The ‘DOGE’ appointees engaged in this scheme — who were never brought before Congress for approval or even publicly identified — must be prosecuted to the fullest extent of the law for these abhorrent violations of the public trust."
It's unclear if the data still exists on the server nearly a year after the incident.
First reports about security concerns came in August, when whistleblower Charles Borges, who had worked as the chief data officer at the Social Security Administration since January 2025, said sensitive information that could be released included health diagnoses, income, banking information, familial relationships, and personal biographic data.
Tuesday's filing is the first time the Trump administration acknowledged that the DOGE employees mishandled the data.
The SSA responded to Borges claims after they came out, saying it takes whistleblower complaints seriously but seemed to downplay Borges' accusations.
“SSA stores all personal data in secure environments that have robust safeguards in place to protect vital information. The data referenced in the complaint is stored in a long-standing environment used by SSA and walled off from the internet. High-level career SSA officials have administrative access to this system with oversight by SSA’s Information Security team. We are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data,” the agency wrote.
Borges’ complaint said he disclosed to his superiors that he believed the upload was an abuse of authority and posed a substantial threat to public health and safety, and potentially violated the law.
Andrea Meza, a lawyer representing Borges, said in August her client released the information “out of a sense of urgency and duty to the American public.”
The filing also said a political advocacy group asked two DOGE members for an analysis of state voter rolls, but didn't identify the group. The DOJ said the group’s goal was "to find evidence of voter fraud and to overturn election results in certain states," in the filing.