What we know so far: The Social Security Administration's inspector general has opened an investigation into a whistleblower complaint alleging that a former member of DOGE – the Trump administration's cost-cutting task force led by Elon Musk – told colleagues he had copied two tightly restricted databases onto a thumb drive and planned to use the data at his new private-sector job. The probe has been disclosed to key members of Congress and shared with the Government Accountability Office, which is already auditing DOGE's access to agency data, according to people familiar with the matter and a letter from the acting inspector general.
The complaint has also been reviewed by The Washington Post, which interviewed the whistleblower, who filed anonymously out of fear of retaliation.
The complaint centers on two core SSA systems: the Numerical Identification System, or Numident, and the Master Death File. Together, they hold records for more than 500 million living and deceased individuals, including Social Security numbers, dates and places of birth, citizenship, race and ethnicity, and parents' names – data that underpins benefit eligibility checks, identity verification, and fraud detection.
Numident functions as the master database of Social Security enumeration data, while the Death Master File is a derived dataset of reported deaths used across government and industry to prevent improper payments and identity theft. Control over this infrastructure is normally tightly constrained, with access segmented and audited.
The whistleblower alleges that while working at SSA last year, the DOGE software engineer told colleagues he possessed two of these restricted databases – at least one of them on a thumb drive – and wanted help transferring the contents to a personal computer so he could "sanitize" the data before uploading it into systems at his new employer, a government contractor he joined in October.
According to the complaint, he said he intended to strip personal identifiers from the records and integrate the resulting dataset into the company's tools. One colleague refused to assist, citing legal concerns, and recalled the engineer saying he expected a presidential pardon if his actions were later deemed illegal. The complaint does not assert that any transfer to the company's systems actually occurred.
The engineer has denied wrongdoing through his attorney, and neither he nor the company is being named because the underlying allegations have not been independently confirmed. The company said it conducted a two-day internal investigation and concluded that the claims were unsubstantiated.
An SSA official familiar with the engineer's departure said he returned his agency laptop and lost his data credentials when he left government service, contradicting the complaint's claim that he retained "God-level" access capable of bypassing most internal restrictions.
Still, the inspector general's office considered the allegations serious enough to open a formal inquiry and brief Congress and the GAO. The complaint, first filed on Jan. 9 and amended on Jan. 26, describes the former DOGE engineer telling the whistleblower that he was "permitted" unfettered access to Americans' Social Security data and that his retained credentials carried unusually broad privileges unmatched by those of other employees at his new firm.
The complaint comes amid wider turmoil over DOGE's use of SSA systems. A separate whistleblower – former SSA chief data officer Charles Borges – alleged in August that DOGE staffers improperly copied Social Security data into an unsanctioned cloud environment, circumventing internal safeguards and potentially breaching federal privacy laws.
His complaint cited internal email threads, including a June 2025 exchange in which officials discussed an unusual request for a DOGE member to copy Numident data. The request was ultimately approved by a DOGE-aligned senior IT official.
SSA initially rejected Borges's claims, saying the data he referenced resided in an internet-isolated secure environment. However, the Justice Department later acknowledged in court filings that DOGE staff had accessed and shared sensitive Social Security records without agency leaders' knowledge, including through an unapproved third-party service and via an agreement with a political group seeking to overturn election results in several states.
DOGE's mandate was to mine government systems for signs of waste, fraud, and misaligned spending – a mission that required deep technical access to longstanding federal databases. A team of about a dozen DOGE technologists was embedded at Social Security headquarters starting in February 2025.
Their technical approach involved assembling cross-database views that could surface anomalies – for example, benefits still flowing to individuals listed as deceased in the Death Master File or inconsistencies in Numident records. The team's remit was to identify signs of fraudulent benefits, particularly payments to deceased individuals.
– Elon Musk (@elonmusk) February 17, 2025
Agency technologists, however, often challenged what they saw as DOGE's presumption of widespread fraud and raised concerns about what they described as the team's "pre-ordained" conclusions.
Legal and oversight responses have been fragmented. The GAO is now conducting a government-wide review of DOGE's access to sensitive data, including at SSA, and has been briefed on both the new complaint and Borges's earlier allegations. The watchdog's audit, however, does not offer whistleblower protections – a gap that Borges's attorneys say could discourage people with sensitive information from coming forward.
Borges was informed that the Office of Special Counsel would pause its review of his complaint while the GAO's broader audit proceeds, leaving open questions about what remedies, if any, will be available to those who raised the alarms.
For data stewards within SSA, one of the most troubling unknowns is what happened to sensitive datasets after they left the agency's controlled environments. Borges has said he fears the government may never be able to track the ultimate disposition of replicated records once they were copied into other systems or onto removable media.
He described the situation as a worst-case scenario in which there could be "one or a million copies" of the data, with no reliable way to know.