Government Surveillance
A DOGE Employee Walked Out With Your Social Security Data on a Thumb Drive
He didn't break in through a firewall. He didn't write a single line of malicious code. He didn't spend months mapping a network looking for a way in. He just grabbed two USB drives, walked out the front door of a federal building, and took your data with him.
That's the story. And it's a lot worse than it sounds.
Who This Guy Was
The man at the center of this worked inside the Social Security Administration as a software engineer for DOGE. The Department of Government Efficiency. The initiative that sent young tech workers into federal agencies with broad access to some of the most sensitive government systems in the country.
This particular engineer left his post in October 2025. He went to work for a private sector government contractor.
According to a whistleblower complaint reviewed by The Washington Post, he didn't leave empty-handed.
He allegedly told multiple colleagues at his new job that he had two databases of U.S. citizens' information in his possession. He said at least one of them was sitting on a personal thumb drive. And he told them he was planning to plug the data into his new company's systems.
The Social Security Administration's inspector general is now investigating.
What He Allegedly Took
The two databases at the center of this story are called NUMIDENT and the Death Master File.
Most people have never heard of either one. That's by design. These are not public records.
- NUMIDENT One of the most comprehensive identity databases the federal government has ever built. It contains Social Security numbers, dates of birth, places of birth, and parents' names for nearly every living American. The records go back generations. If you have a Social Security number, you're in it.
- The Death Master File A federal record of deceased Americans, used to verify deaths, prevent fraud, and manage benefits across federal programs. It contains information on hundreds of millions of people going back decades.
Together, these two databases cover records for more than 500 million living and dead U.S. citizens.
The Scale
"That's not a data breach. That's the whole country."
God-Level Access
Here's the detail that makes this story even harder to accept.
According to the whistleblower, the former engineer didn't just claim to have the databases. He also claimed to have retained what he called "God-level" access to the Social Security Administration's systems.
That means he allegedly still had the ability to get back in. To read records. Potentially to edit them.
Even after he left. Even after he was no longer a government employee. Even after he had already moved on to a private company.
Think about that for a second. A person with no current government role, no security clearance, no oversight, sitting at a desk somewhere in the private sector with the ability to reach back into the Social Security Administration's systems at will.
That's not a vulnerability. That's a failure of basic security hygiene so fundamental it's hard to put into words.
This Wasn't the First Time
If you're thinking this sounds familiar, you're not imagining it.
This is the third major DOGE-linked data incident at the Social Security Administration in the past year. And each one has been worse than the last.
The first came from Chuck Borges, the former chief data officer at the SSA. He filed a whistleblower complaint last year alleging that DOGE staffers had copied a dataset of more than 300 million Americans' information onto a private cloud server. No security protocols. No oversight. Just an enormous copy of the SSA's most sensitive records sitting on infrastructure the agency had no visibility into.
The SSA said at the time that everything was fine. Nothing was compromised.
Then came the January revelation.
In a court filing, the Trump administration admitted that DOGE had shared Social Security data on an unauthorized private service. The filing also revealed that two DOGE employees had accessed Social Security numbers they weren't authorized to see and tried to hand that data to an outside advocacy group. That group was reportedly trying to match Social Security records with state voter rolls.
The same filing said DOGE employees sent confidential information on roughly 1,000 Americans directly to Elon Musk's staff.
Those two employees were referred to a federal watchdog for potentially violating the Hatch Act.
Now this. A third whistleblower. A thumb drive. An employee who allegedly left with the entire database and told his new coworkers about it like it was a selling point.
Borges, the former chief data officer, told NPR this week that if the new allegations are true, the consequences would be generational. He said this is exactly the scenario that kept him up at night.
Former SSA Chief Data Officer Chuck Borges
"An irrecoverable loss of the entirety of our personal data. Once that data has left the building, you cannot close Pandora's box again."
He's right.
What the SSA Says
The Social Security Administration pushed back hard.
A spokesperson said the allegations were false. They said they'd been refuted by all named parties. They called the Washington Post story an attempt to scare seniors with fake news.
Maybe that's true.
But here's what isn't in dispute. DOGE staff did have access to these systems. The January court filing confirmed it. The government admitted DOGE shared SSA data on unauthorized outside servers. Two DOGE employees were referred to a watchdog for violating federal law. The SSA initially said everything was fine and then reversed itself months later.
That's not a track record that earns the benefit of the doubt.
And the inspector general's office, which is independent from the SSA and from the administration, is actively investigating the new complaint. They sent a formal letter to the leaders of four congressional committees telling them an investigation was underway.
You don't write letters to Congress about fake news.
The Part Nobody Is Talking About
Most of the coverage of this story is focused on the politics. Who's responsible. Who knew what. Which party looks bad.
That's all noise.
The part that matters is simpler than any of that.
Your Social Security number was in that building. Your date of birth. Your place of birth. Your parents' names. Records going back to the day you were born.
You didn't consent to having any of it handed to DOGE. You didn't vote on whether tech workers should have unfettered access to federal identity databases. You didn't sign anything giving a software engineer permission to walk out the door with your information on a thumb drive.
It happened anyway.
And right now, someone is investigating whether that thumb drive made it to a private company's servers. The investigation is ongoing. There are no answers yet. The SSA says it didn't happen. The whistleblower says it did. The inspector general is trying to figure out who's telling the truth.
While they do that, your data is out there somewhere. Maybe it's safe. Maybe it isn't.
You'll probably never know for sure.
What This Should Tell You
There's a version of this story where you blame DOGE. There's another version where you blame the government agencies that allowed this kind of access in the first place. There's another version where you blame the political process that made any of it possible.
None of those versions are wrong.
But all of them miss the bigger point.
Your data flows through systems you've never heard of. It's managed by people you'll never know. The oversight meant to protect it clearly isn't working. And when something goes wrong, the default response from the agencies involved is to deny it until a court filing or a whistleblower makes denial impossible.
This is how it works. This has always been how it works.
The difference now is that more people are starting to pay attention.
The Bottom Line
We can't fix the Social Security Administration. We can't undo what DOGE did or didn't do with your data.
But we can help you lock down the device in your pocket. The one that knows your name, your location, your contacts, your messages, and more than any thumb drive ever could. If you're done trusting that someone else is protecting your information, Ghost Phone was built for exactly that moment.
