Norms Impact
All U.S. Social Security numbers may need to be changed following a massive breach that is already being investigated as a national threat
A federal team is accused of cloning America’s Social Security “master key” into the cloud while sidestepping oversight—normalizing unauthorized access to citizens’ most sensitive data.
Feb 13, 2026
Sources
Summary
A former Social Security Administration chief data officer alleges a federal tech team created a “live copy” of the nation’s master Social Security records in a separate cloud environment that bypassed normal oversight and security checks. The dispute now sits inside a widening institutional breakdown: conflicting agency assurances, court filings describing policy violations, and Justice Department admissions that prior statements about access were inaccurate. The practical consequence is enduring exposure of hundreds of millions of Americans to identity theft, benefits hijacking, and the disruptive prospect of reissuing Social Security numbers at national scale.
Reality Check
This conduct threatens to normalize the idea that politically connected operators can duplicate and route our most sensitive government records outside standard controls, leaving ordinary citizens to absorb the lifelong risk. If the allegations are substantiated, routing or disclosing Social Security records to third parties and non-government servers without authorization can implicate federal privacy and computer-access laws, including the Privacy Act of 1974 (5 U.S.C. § 552a), the Computer Fraud and Abuse Act (18 U.S.C. § 1030), and federal theft/unauthorized disclosure provisions that can attach to government records (including 18 U.S.C. § 641 and 18 U.S.C. § 1905). Even before any criminal charging decision, the documented pattern—policy bypasses, third-party disclosure, and DOJ admissions of inaccurate court statements—signals institutional rot: when internal safeguards and truthful court representations fail, our rights to privacy, benefits security, and due process become contingent rather than guaranteed.
Detail
<p>Chuck Borges, a former chief data officer at the Social Security Administration, alleged that a federal tech team identified as the Department of Government Efficiency (DOGE) copied the government’s master Social Security database into a separate cloud system without normal oversight. A protected disclosure filed with the Office of Special Counsel states Borges told the Government Accountability Project that DOGE officials created a “live copy” of Social Security records in a cloud environment that sidestepped standard security checks, placing the data of more than 300 million Americans at risk.</p><p>A Washington Post ruling summary described DOGE access to databases containing Social Security numbers and other sensitive records, including medical and mental health records, financial information, tax details, work histories, and addresses. Court filings summarized on Rep. John Larson’s website state DOGE workers used Cloudflare in March 2025 in violation of agency security policies, attempted to pass sensitive records to an outside advocacy group seeking to overturn election results, and that confidential information on about one thousand Americans was sent to Elon Musk’s team. The filings state the agency does not know what data reached Cloudflare or whether it remains there. The Justice Department later admitted in another case that earlier statements to courts about DOGE’s access were inaccurate.</p>