DOJ Whistleblower Exposes Trump’s Deportation Tactics!
Kalistro : Pexels

An anonymous whistleblower has alleged that a former software engineer embedded at the Social Security Administration through the Department of Government Efficiency retained copies of two tightly restricted federal databases, carried at least one out of the building on a personal thumb drive, and intended to share the information with his new private-sector employer.

The Social Security Administration's Office of Inspector General opened an investigative review of the complaint on 6 March 2026.

The allegations were first reported by the Washington Post on 10 March, citing the whistleblower complaint, a letter from the acting inspector general, and other sources reviewed directly by its reporters. The inspector general's letter, obtained independently by NPR and the Associated Press, informed the leadership of four congressional committees that the office was reviewing an anonymous complaint 'on matters relating to the potential misuse of SSA data by a former DOGE employee, among other allegations.'

Two Databases, a Thumb Drive, and a Claim of Unlimited Back-Door Access

According to the Washington Post's reporting, the unnamed former DOGE engineer, who worked at the SSA last year before leaving to join a government contractor in October 2025, allegedly told multiple co-workers at his new employer that he possessed two specific databases.

The first is the NUMIDENT, the SSA's master identity file, which holds names, Social Security numbers, dates and places of birth, citizenship status, race and ethnicity, parents' names, phone numbers, and addresses for virtually every living American. The second is the Death Master File, a federal record of individuals reported as deceased.

Together, the two databases contain records on more than 500 million living and dead US citizens, according to the Washington Post. The whistleblower alleged that the engineer described wanting to strip out personally identifying fields and plug the remaining data structure into his new company's systems.

The complaint additionally alleged that the engineer claimed to have retained what he described as 'God-level' access to SSA systems, meaning the ability to query, modify and potentially export data without restriction, even after leaving the agency.

The engineer's attorney told the Post that no data had been taken and that the allegations were false. The SSA issued a statement calling the report 'fake news,' adding that 'the allegations by a singular anonymous source have been strongly refuted by all named parties — SSA, the former employee, and the company.'

Borges Filed a Warning in August. Leadership Was Already Looking the Other Way.

The March 2026 complaint is not the first time the SSA's own data officers raised the alarm about DOGE's conduct inside the agency. In August 2025, Charles Borges, then the SSA's chief data officer, filed a protected whistleblower disclosure through the non-profit Government Accountability Project alleging that DOGE-affiliated officials had copied the NUMIDENT database into a self-administered cloud environment that lacked independent security controls.

Borges alleged that career cybersecurity officials within the SSA had internally rated the transfer request as 'very high risk,' and that an agency risk assessment form from 16 June 2025 had explicitly recommended that 'production data should not be used.' The request was nonetheless signed off by Michael Russo, a DOGE-affiliated official who briefly served as SSA's acting chief information officer.

His authorisation consisted of a single word: 'Approved.' SSA Chief Information Officer Aram Moghaddassi subsequently granted a provisional authorisation to operate, writing in his decision, according to NPR: 'I have determined the business need is higher than the security risk associated with this implementation and I accept all risks associated with this implementation and operation.'

Borges resigned on 29 August 2025, three days after filing his complaint. In his resignation letter to SSA Commissioner Frank Bisignano, he said he was 'regretfully involuntarily leaving' and described 'a culture of panic and dread, with minimal information sharing, frequent discussions on employee termination and general organisational dysfunction.'

He told FedScoop that his repeated requests for information had been 'rebuffed or ignored,' and that some employees had been specifically instructed not to respond to his inquiries.

Borges told NPR on 11 March 2026 that the new whistleblower's allegations, if true, would have 'generational consequences.' He said: 'This is exactly the scenario that kept me up at night. An irrecoverable loss of the entirety of our personal data. Once that data has left the building, you cannot close Pandora's box again.'

From a Single Thumb Drive, the Risk of a Complete Identity System Collapse

What makes the March 2026 allegations particularly alarming to privacy experts and cybersecurity professionals is not just the size of the alleged breach but the nature of the data at risk. Unlike a credit card number, which can be cancelled and reissued, a Social Security number is a lifelong identifier. The SSA has, on occasion, reissued numbers in extreme circumstances of identity theft, but the cost and administrative burden of doing so on a national scale is considered prohibitive.

The Borges complaint from 2025 cited an internal SSA risk assessment that had raised the possibility of having to re-issue Social Security numbers to millions of Americans if the cloud server it flagged was ever breached.

The SSA did not provide a timeline for when its inspector general might complete its review. The Government Accountability Office did not indicate when its audit would be finalised. The engineer at the centre of the allegations remains publicly unnamed. His attorney's denial is on record. So is a federal court's separate finding that DOGE workers had already accessed data they were not supposed to touch.

Whether a thumb drive is sitting in a private company's server room right now, or whether the allegation dissolves under scrutiny, the inspector general's probe has opened a question that neither the SSA, nor the Trump administration, nor the courts have fully resolved: who, inside the agencies the public funds and trusts, is watching the people who watch the data.

Writer's pick