Department of Government Efficiency personnel have transferred sensitive Social Security data for more than 300 million Americans to an unsecured cloud system, raising serious concerns about data protection and government oversight, according to internal sources.
The massive dataset, which includes full names, Social Security numbers, dates of birth and other personal identifiers, was duplicated and moved to a DOGE-controlled cloud environment that lacks independent safeguards or external monitoring, sources said.
The transfer occurred in June 2025 after DOGE personnel reportedly expanded their access to Social Security Administration records and received approval from the SSA’s Chief Information Officer to move the data. A Supreme Court ruling had previously granted DOGE broader access to SSA records, providing legal backing for the data transfer.
However, the decision to create a complete copy of the SSA database without standard protections has alarmed watchdog groups and lawmakers who warn of potential misuse or exposure of highly sensitive personal information.
The Social Security Administration maintains it has strong data protections in place and has found no evidence of a breach. Agency leadership said it takes whistleblower complaints seriously and continues to prioritize information security.
Despite these assurances, critics argue the lack of independent oversight has created dangerous vulnerabilities in the system that protects Americans’ most sensitive personal data.
Security analysts warn the consequences could be severe if the data is compromised. In a worst-case scenario, the government might need to reissue Social Security numbers to every American – a process that would be extraordinarily costly, complex and disruptive to millions of people.
The controversy highlights ongoing tensions between efficiency-driven government initiatives and the need to maintain strict safeguards for critical personal information. Lawmakers have expressed alarm at what they characterize as a breakdown in accountability that puts sensitive records at risk with limited ability to track how the data is being managed.
While no confirmed breach has been reported, the combination of unauthorized duplication, absent oversight and the sensitive nature of the information continues to draw scrutiny from Congress and government watchdogs concerned about compliance with federal data protection laws.