type: timeline_event
On March 11, 2026, the Social Security Administration's Office of Inspector General formally notified the chairs and ranking members of key House and Senate committees that it had opened an investigation into whistleblower allegations that a former DOGE employee had misused and exfiltrated sensitive Social Security data.
The OIG notification confirmed it was reviewing an anonymous complaint regarding "the potential misuse of SSA data by a former DOGE employee." The complaint, which had been filed with lawmakers around March 6, described a former DOGE software engineer who had allegedly taken two tightly restricted SSA databases — containing information on more than 500 million people, living and dead — on a thumb drive to his new position at a government contractor.
The investigation came on top of already-pending litigation: the Trump administration had admitted in a January 16 court filing that DOGE employees had shared Social Security data on an unauthorized private service, attempted to transfer confidential information on roughly 1,000 Americans to an unnamed advocacy group "seeking to overturn election results," and sent sensitive records to Musk's workers. The SSA had disclosed in January that it could not fully verify the extent of the violations.
Senate Finance Committee ranking member Ron Wyden called the allegations "one of the largest known data breaches in American history, perpetrated by Trump appointees for the explicit purpose of weaponizing Americans' sensitive personal data for political gain." House Oversight Committee ranking member Robert Garcia expanded the committee's formal DOGE investigation in response to the OIG announcement, demanding detailed answers from the SSA and asking former DOGE staffers affiliated with the agency to come forward.
The cumulative picture that emerged by March 11 was of a systematic pattern: DOGE operatives had entered the Social Security Administration, accessed some of the most sensitive personal records in the federal government, faced no meaningful internal oversight, and in at least one case allegedly walked out the door with the data.