A former employee of the Department of Government Efficiency allegedly exfiltrated highly restricted Social Security Administration databases onto a thumb drive, according to a whistleblower complaint described by The Washington Post. The SSA’s Office of Inspector General is investigating, raising urgent questions about insider access, removable media controls, and the protection of some of the nation’s most sensitive personal data.
The individual, a software engineer who cycled through SSA while working with DOGE, reportedly told colleagues he had taken two tightly controlled troves and intended to use the information at a new employer. The report also says he boasted of “God-level” access to SSA systems—an alarming claim in any federal environment subject to strict least-privilege rules.
What Data Was Allegedly Taken from SSA Systems
The complaint centers on two crown jewels of federal identity data: the Numident and the Death Master File. Numident is the Social Security Administration’s master record of individuals assigned Social Security numbers, including names, dates and places of birth, citizenship indicators, and parental information. The Death Master File, distributed in a limited form by the government for fraud prevention, contains records of deceased individuals and is closely governed due to the risk of identity misuse.
The Washington Post reported the material could span data linked to more than 500 million living and deceased people. That scope, if verified, would be extraordinary. It would also amplify the downstream risks: identity theft, credit fraud, tax refund fraud, and synthetic identity schemes that stitch together elements of real and fabricated data.
Why Insider Data Theft Is So Dangerous for Agencies
Insider incidents remain one of the hardest problems in security. Verizon’s Data Breach Investigations Report has consistently found that a meaningful fraction of breaches involve internal actors—typically around 19%—and that privileged users can circumvent many perimeter defenses. IBM has estimated the average cost of a data breach at more than $4 million, a figure that can soar when regulated personal data is involved.
Removable media compounds the risk. Even with modern endpoint detection and logging, a small thumb drive can become a massive exfiltration channel if media restrictions, data loss prevention, and session recording on privileged accounts are not rigorously enforced. Federal guidance, including NIST SP 800-53 controls, calls for strict least privilege, continuous monitoring, and prohibitions or granular control over portable storage for exactly this reason.
History offers sobering parallels. From the Veterans Affairs laptop theft that exposed tens of millions of records to well-known contractor leaks at intelligence agencies, misuse of authorized access has repeatedly outmaneuvered traditional defenses. The remedy is not just technology; it is governance, immutable audit logs, and rapid, enforced revocation of access the moment roles shift.
How SSA and Federal Watchdogs Are Responding Now
The SSA Office of Inspector General’s probe will likely examine access logs, removable media registries, and any anomalous data pulls or account escalations tied to the engineer. If data handling violations are confirmed, the legal exposure could extend to the Privacy Act and to criminal statutes covering theft of government records and unauthorized access under the Computer Fraud and Abuse Act.
Standard containment in a case like this involves:
- Immediate suspension of implicated credentials
- Forensic imaging of systems used by the suspect
- Validation of chain-of-custody for any seized devices
- Outreach to other agencies or contractors where the data might have traveled
If the allegations are confirmed, notification of affected individuals and coordination with credit bureaus and the IRS for fraud mitigation could follow.
Broader Pattern of DOGE SSA Controversies
The allegation arrives amid other disputes over DOGE-linked activity at SSA. A lawsuit previously accused DOGE personnel of improperly accessing Social Security numbers for non-mission purposes involving an external advocacy effort. A separate whistleblower claimed DOGE staff uploaded hundreds of millions of SSA records to a vulnerable cloud environment. A federal judge later blocked DOGE from further SSA system access, characterizing the initiative as a fishing expedition.
While each matter remains subject to legal and investigative outcomes, the pattern underscores a governance gap: unclear missions for embedded teams, limited transparency to career staff, and inconsistent guardrails around privileged access in one of the government’s most sensitive data domains.
What Comes Next for Investigators and Individuals
Expect investigators to focus on three questions:
- Precisely what was accessed
- What was removed
- Who else may have received the data
Agencies and contractors handling SSA information will be pressed to show robust controls over removable media, just-in-time elevation for privileged tasks, session recording for admin activity, and real-time DLP tuned to structured datasets like Numident and the Death Master File.
For individuals potentially affected, the practical steps are familiar but essential:
- Freeze credit
- Monitor tax transcripts for suspicious filings
- Watch for benefits-related anomalies
For SSA, which supports tens of millions of beneficiaries, the incident is a reminder that zero trust is not a slogan—it’s a set of enforceable controls that make even “God-level” access accountable, observable, and, when necessary, instantly revocable.