Norms Impact
DOGE employee stole Social Security data and put it on a thumb drive, report says | TechCrunch
A politically installed technical apparatus inside SSA is repeatedly linked to alleged unauthorized access, collapsing the norm that Americans’ identity data is protected by strict, accountable custody.
Mar 10, 2026
⚖ Legal Exposure
Sources
Summary
A former Department of Government Efficiency software engineer is reported to have taken tightly restricted Social Security Administration databases and stored them on a thumb drive. DOGE’s continued control and opaque placement of technical staff inside SSA has coincided with repeated allegations of unauthorized access and data handling. The practical consequence is a heightened risk that Americans’ most sensitive identity data can be copied, moved, and potentially repurposed outside lawful oversight.
Reality Check
Normalizing the movement of Social Security databases into untracked hands shreds the guardrail that federal data stays within accountable, auditable custody. When an agency remains under a political operational structure while its own inspector general investigates alleged data theft, we are watching oversight get forced to chase harms after the fact.
This precedent concentrates power in opaque technical roles, weakens civil-service controls, and conditions the public to accept that core identity systems can be treated as portable assets. Once that becomes routine, separation-of-duties and due-care standards stop functioning, and the country’s most sensitive records become a standing vulnerability rather than a protected trust.
Legal Summary
A whistleblower-alleged removal of tightly restricted SSA databases onto a thumb drive, coupled with reported intent to use them at a new contractor job, presents high-likelihood criminal exposure. The facts align with theft/conversion of government records and unauthorized access/extraction from government systems, with additional confidentiality and Privacy Act implications pending inspector general investigation.
Legal Analysis
<h3>18 U.S.C. § 641 — Theft/conversion of government property or records</h3><ul><li>Allegation that a former SSA/DOGE engineer removed “tightly restricted” SSA databases (Numident and Master Death File) and stored them on a thumb drive supports theft/conversion of U.S. government records/information.</li><li>Reported intent to use the databases at a new employer strengthens inference of knowing conversion “to his use” or unauthorized control.</li></ul><h3>18 U.S.C. § 1030 (CFAA) — Unauthorized access / exceeding authorized access to protected computers</h3><ul><li>Claimed possession of restricted SSA databases and “God-level” access suggests access beyond authorized need-to-know and potential extraction of data from SSA systems.</li><li>Moving data to removable media (thumb drive) and planned use at a contractor supports obtaining information from a government protected computer without authorization or by exceeding authorized access.</li></ul><h3>18 U.S.C. § 1905 — Disclosure of confidential information</h3><ul><li>Numident/Master Death File contain sensitive personal identifiers (SSNs, DOB, citizenship, etc.); unauthorized removal and contemplated use at a private company indicates prohibited disclosure/misuse of confidential government-held information.</li><li>Even absent proof of external distribution yet, the alleged taking and intended utilization at a new employer evidences wrongful disclosure/use.</li></ul><h3>Privacy Act of 1974, 5 U.S.C. § 552a(i) — Criminal penalties for willful disclosure/maintenance violations</h3><ul><li>Alleged willful removal/possession of SSA system-of-records data (SSNs and related identifiers) and intent to use it outside SSA supports potential willful disclosure/use contrary to the Act.</li><li>Scope (potentially hundreds of millions of records) magnifies culpability and investigative urgency.</li></ul><h3>18 U.S.C. § 1832 — Theft of trade secrets (limited fit)</h3><ul><li>If the databases or compilation methods were treated as proprietary/valuable information of SSA with confidentiality controls, unauthorized taking for use at a contractor could be explored, though the core harm is personal data theft rather than classic trade secrets.</li></ul><b>Conclusion:</b> The alleged conduct reflects straightforward criminal exposure centered on unauthorized removal and intended exploitation of restricted SSA databases (data theft), not merely procedural irregularity or political misuse.
Detail
<p>A whistleblower complaint reported by The Washington Post alleges that a former Department of Government Efficiency (DOGE) software engineer stole Americans’ personal data from the U.S. Social Security Administration (SSA) and stored it on a thumb drive.</p><p>According to the report, after leaving SSA in October to work at a government contractor, the former employee told coworkers he possessed two tightly restricted SSA databases—“Numident” and the “Master Death File”—and planned to use the information at his new company. The databases were described as potentially containing records for more than 500 million living and dead Americans, including Social Security numbers and other identity attributes. The former employee also reportedly claimed he previously had unrestricted access to SSA systems.</p><p>The SSA spokesperson denied that data was stolen and criticized the reporting. The SSA inspector general is investigating the whistleblower complaint, according to the report.</p><p>The context includes prior allegations tied to DOGE activity at SSA, including suspected sharing of off-limits Social Security numbers, uploading large volumes of records to a vulnerable cloud server, and a court order blocking DOGE access to SSA systems.</p>