type: timeline_event
The Department of Justice filed a court document confirming that DOGE employees at the Social Security Administration improperly shared sensitive personal data of more than 300 million Americans to an unauthorized Cloudflare server, validating whistleblower Chuck Borges' August 2025 complaint. The filing marked the Trump administration's first official acknowledgment that DOGE inappropriately handled highly sensitive data containing Social Security numbers, dates of birth, addresses, citizenship status, and parents' names.
The DOJ filing revealed that DOGE employees created a copy of the agency's Numerical Identification System (NUMIDENT) database without following required security protocols, bypassing strict security measures for federal databases. The copy allegedly lacked security oversight from SSA or tracking to determine who accessed the data. The filing also disclosed that DOGE employees circumvented IT rules, sent password-protected files of private records to DOGE affiliates outside the agency, and retained access to data even after a judge temporarily halted it.
Congressional Representatives Larson and Neal called it potentially the largest data breach "in our nation's history" and demanded criminal prosecution of DOGE appointees. Privacy experts noted the violations likely breached the Privacy Act, which prohibits federal employees from accessing data beyond what their jobs require. The Social Security Administration admitted it still had "little knowledge of what data was shared" and could not verify the extent of violations. Whistleblower Chuck Borges, who resigned in August 2025 after alleging retaliation, stated the revelations were "disappointing to be proven right" and called for congressional investigation.