Bad Doggies… Redux

The Bad Doggies are at it again, exfiltrating the Social Security data of about 450 million Americans, living and dead. Great times for identity thieves. Not so great for everybody else.

VERY Bad Doggies

Remember back in ancient times, like last April, when we wrote on this Crummy Little Blog That Nobody Reads (CLBTNR) about the DOGE boys being bad little doggies for apparently illegally exfiltrating NLRB data while turning off safeguards like logging & access controls?

Well, buckle up. It seems they’re now committing similar likely crimes at the Social Security Administration. This time, instead of just getting confidential info on NLRB court cases against Musk and cronies, they’ve gotten identity information on all Americans. ^{[1] [2]}

And by “all”, I mean living and dead, back to the dawn of Social Security.

The whistleblower here is no low-level stooge. It is, in fact, the Chief Data Officer of the Social Security Administration, Charles Borges.

• He reported internally to the (MAGA/DOGE) management of the SSA that the “Numident” (numerical identification system) database had been uploaded in its entirety to an unsecured cloud server by DOGE boys.
• This database contains names, Social Security numbers, places and dates of birth, citizenship, race, ethnicity, address and even parents names.
• This applies to anyone who has ever had a Social Security number, whether currently alive or dead.
• This seems to work out to about 450 million people who now have their identities completely exposed to identity fraud risk.
• It appears that the new senior MAGA/DOGE management of SSA actually approved this, even though it is widely believed to have been highly illegal, e.g., under the Federal Information Security Modernization Act (according to Borges).
• When internal appeals did not work, he made a formal whistleblower complaint to the Government Accountability Project. ^[3] That complaint was then forwarded to members of Congress and the US Office of Special Counsel.

From the complaint:

This vulnerable cloud environment is effectively a live copy of the entire country’s Social Security information from the Numerical Identification System (NUMIDENT) database, that apparently lacks any security oversight from SSA or tracking to determine who is accessing or has accessed the copy of this data. NUMIDENT contains all data submitted in an application for a United States Social Security card—including the name of the applicant, place and date of birth, citizenship, race and ethnicity, parents’ names and social security numbers, phone number, address, and other personal information. Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital healthcare and food benefits, and the government may be responsible for re-issuing every American a new Social Security Number at great cost.

It’s bad enough that DOGE got access to the data, which they definitely should not have. But even worse that they just… took it and put it on a cloud server with no security and no logging to tell what they do with it.

In response, new SSA Commissioner Frank Bisignano denied that anything was insecure, that it was all “walled off from the internet”. We’ve previously written about who Frank Bisignano is, namely a Wall Street investment banker, formerly the highest-paid CEO in the US, who used layoffs as a constant threat against employees. He’s also a long-time Republican donor, in particular to Trump.

Do you really want to take his word on computer security issues?

I do not.

You can probably imagine what happened next: management retaliation. SSA people were instructed not to talk to Borges, which of course cripples his ability to do his job legally and ethically.

Journalist Marisa Kabas (and founder of The Handbasket reported today that Borges has resigned, and supplies a copy of his letter of forced resignation:

As you can see, he says he’s forced out due to management retaliation making it impossible to perform his job “legally and ethically”. Management retaliation against whistleblowers of this sort is a federal crime, according to the Office of the Inspector General.

But it appears that lawlessness is no barrier to MAGA/DOGE, since it seems they immediately violated federal record-keeping laws by attempting to delete all record of this email from the inboxes of all who received it, according to Kabas:

I’m not a lawyer, but… it just looks like federal crime after federal crime committed by these guys: unlawful data exfiltration, whistleblower retaliation, destruction of federal records… Sometimes the coverup is worse than the original crime.

The Weekend Conclusion

I know dog training has progressed beyond the “swat ‘em on the nose with a rolled-up newspaper” doctrine of my youth. Very few newspapers left, for one thing. But I kinda do wanna swat these ignorant fascists on the nose with a rolled-up newspaper.

I’d of course settle for a change of government, mass prosecutions, convictions, and imprisonments. That would be much better.

Say it along with me: Ceterum censeo, Trump incarcerandam esse.

---

Notes & References

1: A Revilla, “Whistleblower claims DOGE uploaded Social Security data to unsecure cloud server”, Engadget, 2025-Aug-26. ↩

2: J Brodkin, “DOGE accused of copying entire Social Security database to insecure cloud system”, Ars Technica, 2025-Aug-26. ↩

3: C Borges, “Protected Whistleblower Disclosure of Charles Borges Regarding Violation of Laws, Rules & Regulations, Abuse of Authority, Gross Mismanagement, and Substantial and Specific Threat to Public Health and Safety at the Social Security Administration”, Government Accountability Project web site, downloaded 2025-Aug 29, dated 2025-Aug-26. ↩