On August 29, 2025, Charles Borges, the Social Security Administration’s (SSA) chief data officer, abruptly resigned after filing a whistleblower complaint that has since sent shockwaves through Washington. In a resignation letter addressed to SSA commissioner Frank Bisignano, Borges described his departure as “involuntary,” claiming mounting pressure made it impossible for him to continue his work legally or ethically. His exit, coming just days after he sounded the alarm on data security lapses, has ignited fierce debate over the government’s handling of Americans’ most sensitive personal information.
Borges’s complaint, filed Tuesday and submitted with the backing of the Government Accountability Project to the Office of Special Counsel and congressional committees, alleges that staffers from the Department of Government Efficiency (DOGE) at the SSA recklessly copied the agency’s massive Numident database into a cloud environment with inadequate security oversight or tracking. The Numident database, as described by Borges and experts, is the government’s master file on everyone who has ever been issued a Social Security number—containing Social Security numbers, birth dates, addresses, citizenship status, parents’ names, and other personal identifiers for more than 300 million Americans.
According to Borges, this improperly secured copy placed millions at risk of identity theft and could disrupt access to vital government programs, including healthcare and food benefits. "If compromised, the database could expose Americans to identity theft and disrupt access to key government programs such as healthcare and food benefits," Borges warned, as reported by Digital Market Reports. The complaint went further, describing “a disturbing pattern of questionable and risky security access and administrative misconduct” within the agency, and painting a picture of a workplace where leaders ignored repeated warnings and fostered a culture of retaliation.
Borges claimed that after he sent his resignation letter to staff, it mysteriously disappeared from employee inboxes within minutes—an incident that has raised fresh concerns about possible censorship within the agency. In his letter, Borges explained that he could no longer fulfill his duties legally or ethically, citing intense stress and the agency’s failure to address his concerns. He stated, "The situation caused me intense stress, making it impossible for me to continue." Borges also alleged that the copying process broke multiple federal laws, and that the risks were so grave he could not, in good conscience, remain in his post.
The SSA, for its part, has insisted that personal data remains stored in a secure, closed environment. SSA spokesperson Nick Perrine told Digital Market Reports, “The data referenced in the complaint is stored in a long-standing environment used by SSA and walled off from the internet.” Perrine added that senior officials maintain administrative access under the agency’s Information Security team and that, as of September 1, 2025, “no compromise has been detected.”
Despite these assurances, the very act of creating a duplicate database without clear oversight has alarmed cybersecurity experts and privacy advocates. Experts warn that if the allegations are true, hundreds of millions of Americans could be exposed to the threat of identity theft—a crime that can allow bad actors to open credit cards, take out loans, or file fake government claims in someone else’s name, leaving victims to untangle the mess for years. Borges’s filing warned of “possible nationwide fallout if the information were ever accessed by the wrong hands.”
These revelations come amid heightened scrutiny of DOGE’s presence in federal agencies. The Department of Government Efficiency, a controversial initiative under President Donald Trump, saw Elon Musk’s DOGE team embedded at the SSA and other federal offices with the stated aim of modernizing technology and rooting out fraud. Musk and his supporters have argued that the SSA’s files are riddled with outdated records—such as deceased individuals listed as living beneficiaries—highlighting the need for reform. However, critics have long questioned the necessity of DOGE’s access to such vast troves of personal data and whether its methods have put privacy at risk.
The legal battle over DOGE’s access to Social Security records has been fierce. Earlier in 2025, labor and advocacy groups succeeded in temporarily blocking DOGE from reviewing Social Security records, citing privacy risks. That block was short-lived: in June, the Supreme Court sided with DOGE, allowing the department to proceed with its review of the data. Musk’s team argued that rooting out fraud required full access, while opponents countered that the risks to privacy and security were simply too high.
As the controversy has grown, Borges has turned to the Government Accountability Project for support and is reportedly cooperating with oversight investigators. The Project, known for its work with whistleblowers, has amplified Borges’s warnings and called for a thorough review of the agency’s data practices. The complaint submitted by the Project paints a damning portrait of “questionable and risky security access and administrative misconduct,” with Borges’s resignation marking one of the most dramatic shake-ups inside the SSA in recent years.
Yet, as of August 31, 2025, there is no public evidence that a breach has actually occurred. The SSA maintains it is unaware of any leaks and remains committed to protecting citizens’ private information. Still, the lack of a breach so far does little to allay fears, given the sheer scale of the risk. As Digital Market Reports observed, “Even if no breach has occurred yet, the risk is enormous given the scale of information involved. Identity theft is already rampant, and adding a vulnerable copy of nearly every American’s Social Security record is like painting a target for hackers.”
Borges’s resignation has only intensified calls for accountability and transparency. Lawmakers and privacy advocates are demanding answers about how the data was handled, who had access, and what steps are being taken to prevent future lapses. The SSA, for its part, insists that it takes all whistleblower complaints seriously and that its personal data remains protected by robust security protocols. But with the whistleblower now gone and the allegations public, trust in the agency’s ability to safeguard America’s most sensitive information hangs in the balance.
The unfolding saga at the SSA underscores the high stakes of government data stewardship in the digital age. As the fight over access and oversight continues, millions of Americans are left to wonder just how safe their most personal information truly is—and whether those tasked with protecting it are up to the job.
