Overview

• An internal SSA assessment cited by the report estimated a 35–65% likelihood of a breach with catastrophic impact after a copy of the Numident file was placed in a cloud environment.
• Whistleblower Chuck Borges, SSA’s former chief data officer, said DOGE personnel moved a live copy of Americans’ personal data into a server lacking verified controls and outside normal agency visibility.
• Senate staff describe restricted oversight and unusual secrecy, including locked workspaces, covered windows, armed guards, and an unreviewed Starlink network that could bypass agency IT monitoring.
• The report recommends revoking DOGE’s access to sensitive records until agencies certify compliance with laws such as FISMA and requiring standard federal cybersecurity training for DOGE personnel.
• SSA and OPM dispute the findings, with SSA stating Numident remains in a monitored secure environment and that no unauthorized access or leaks have been detected.