Social Security Administration

DOGE personnel arrived at SSA in February 2025. Aram Moghaddassi was hired as a Department of Labor Policy Advisor on February 18, detailed to SSA on February 22, and gained read-write access to the SSA PSSNAP system on March 14 ⁶.

Between March 7 and 17, 2025, DOGE-affiliated SSA staff shared agency data through Cloudflare servers. Cloudflare is a commercial content delivery and network services company; it had not been approved as a storage or transit environment for SSA data and operated outside SSA’s security authorization framework. On March 3 — before the main Cloudflare window — one DOGE SSA member sent an encrypted, password-protected file containing names and addresses of approximately 1,000 people to DHS. The transmission copied Steve Davis, a DOGE adviser, and a DOGE Department of Labor employee. SSA’s CIO was unable to open the file. As of January 16, 2026, when the Department of Justice filed a Notice of Corrections to the court record in AFSCME v. SSA, the agency could not determine whether the data transmitted through Cloudflare had been deleted ^{1 2}.

The DOJ’s January 2026 notice acknowledged that earlier government representations to the court had been inaccurate. According to the corrected filing, DOGE had been accessing SSA data and routing it through the unapproved Cloudflare infrastructure during the period when the government had stated otherwise ⁵.

On March 24, 2025, a DOGE SSA team member signed a ‘Voter Data Agreement’ in his capacity as an SSA federal employee. The agreement was with an unnamed political advocacy group whose stated objective was to identify evidence of voter fraud and contest election results in specific states. The group had acquired state voter rolls and sought to match them against SSA records to identify noncitizens who had voted ³.

SSA did not discover the agreement until November 2025, when a routine records review surfaced it. Two Hatch Act referrals were submitted to the Office of Special Counsel in December 2025. The Hatch Act prohibits federal employees from using their official authority to interfere with or affect the result of an election or from engaging in certain political activities while on duty. True the Vote, a Texas-based organization that published an ‘Appeal to DOGE’ in March 2025 focused on noncitizen voter detection, has been identified as a suspected — but unconfirmed — party to the agreement. True the Vote has denied involvement. No evidence has emerged that SSA records were actually transferred to the advocacy group under the agreement ³.

Separately, Aram Moghaddassi emailed the deputy chief of staff for Florida Governor Ron DeSantis from a DHS email account in March 2025, requesting Florida voter registration and voting data. In the email, obtained via public records request by American Oversight, Moghaddassi wrote that ‘Florida voter registration and voting data would be helpful immediately to check for voter fraud.’ No evidence has emerged that Florida voter rolls were shared in response ^{7 8}.

The NUMIDENT (Numerical Identification System) is SSA’s master identity database. It contains SSNs, names, phone numbers, addresses, dates and places of birth, citizenship status, race and ethnicity, and parents’ names and SSNs for every person who has been issued a Social Security Number — more than 300 million living Americans and an additional population of deceased persons. Total SSNs issued exceeded 548.3 million as of early August 2025 ⁹.

After a federal district court issued a temporary restraining order on March 20, 2025, blocking DOGE access to SSA data, the Supreme Court lifted that injunction on June 6, 2025. On June 10–11, DOGE staffer John Solly formally requested authorization to copy the live NUMIDENT database to a cloud environment. On June 16, SSA’s own internal Risk Assessment Form concluded that a NUMIDENT copy to cloud storage carried a 35–65 percent probability of a data breach with a catastrophic adverse effect rating ^{10 11}.

The upload proceeded on June 25, 2025, when DOGE personnel transferred a live production copy of the NUMIDENT to an Amazon Web Services virtual private cloud test environment. Authorization was obtained from DOGE-affiliated SSA official Michael Russo on the same date. The environment had not undergone the verified security controls required for SSA production data. Court records do not document any audit process or oversight external to DOGE-affiliated staff ^{12 13}.

Aram Moghaddassi, who had been appointed SSA CIO following Michael Russo’s brief tenure, issued a Provisional Authorization to Operate for the cloud environment on July 15, 2025. In his written justification, quoted in court records, Moghaddassi stated that he had ‘determined the business need is higher than the security risk’ ¹⁴. The Senate HSGAC minority staff report — the Peters report, released September 26, 2025 — documented the full authorization sequence and cited this language. The report assessed that a worst-case NUMIDENT breach could require re-issuing Social Security Numbers for all 548 million-plus Americans, with cascading effects on banking, employment, healthcare, and housing, and would expose the data to foreign adversaries including Russia, China, and Iran ⁹.

SSA CDO Charles Borges filed a whistleblower disclosure with the Office of Special Counsel on August 26, 2025, specifically naming the NUMIDENT cloud transfer as an unlawful act. He resigned August 29. The Peters report identified SSA as part of a cross-agency pattern in which career cybersecurity officials who raised objections were sidelined or removed, and DOGE-affiliated personnel were installed as CIOs to approve DOGE staffers’ access without following standard oversight procedures ^{4 15}.

On April 8, 2025, SSA added more than 6,300 living immigrants to the Death Master File — a federal database used by financial institutions, employers, and government agencies to verify whether an individual is deceased. For this operation SSA renamed the file the ‘Ineligible Master File.’ The list of individuals was provided by DHS and comprised immigrants whose temporary legal status had recently been revoked. The additions were recorded with fabricated death dates. The population included minors; at least one was 13 years old ¹⁶.

The authorization chain ran from Aram Moghaddassi, who transmitted the DHS list to SSA, through Acting Commissioner Leland Dudek, who signed two memoranda with DHS Secretary Kristi Noem authorizing the operation. Dudek signed despite initially concluding the action was illegal. Career SSA IT chief Greg Pearre was physically removed from his office when he refused to execute the plan on the same grounds ¹⁶.

Moghaddassi had characterized the 6,300 individuals as immigrants ‘homeland security officials had identified as having temporary legal status but who were now either on the terrorist watch list or had FBI criminal records.’ If the Death Master File additions had not been reversed, affected individuals’ benefits, bank accounts, and government services would have been suspended or terminated based on the fabricated death records ¹⁶.

AFSCME AFL-CIO v. Social Security Administration (D. Md., CourtListener docket CL:69664313) was filed February 21, 2025. On March 20, 2025, the district court issued a temporary restraining order blocking DOGE access to SSA systems and data. On June 6, 2025, the Supreme Court vacated the TRO, allowing DOGE access to resume. Within four days, DOGE personnel submitted the request to copy the NUMIDENT database to a cloud environment ^{5 11}.

On January 16, 2026, the Department of Justice filed a Notice of Corrections to the Court Record, acknowledging that earlier representations to the court had been inaccurate. The government’s prior filings had misstated the extent and nature of DOGE’s access to SSA data; the notice acknowledged that DOGE had accessed SSA data and routed it through Cloudflare — a commercial, unapproved server — during the March 7–17, 2025 window. Democracy Forward, as counsel for AFSCME, moved for discovery and depositions regarding DOGE’s SSA data access following the corrected filing ⁵.

The Senate Finance Committee separately demanded answers from SSA after the January 2026 court filing revealed the agency could not account for the full extent of data accessed and shared by DOGE personnel. The Peters HSGAC minority staff report (September 26, 2025) documented SSA as one of multiple agencies where DOGE operations likely violated the Privacy Act of 1974, the E-Government Act of 2002, FISMA, the Federal Records Act, and potentially the Computer Fraud and Abuse Act ¹⁷.

The NLRB data-access conflict — in which DOGE accessed NLRB case management data (NxGen) while SpaceX had pending NLRB cases and Elon Musk was pursuing a constitutional challenge to NLRB’s structure — represents a related instance of DOGE data access intersecting with concurrent commercial and legal interests of DOGE-affiliated private parties. The Fifth Circuit dismissed SpaceX’s NLRB appeal for lack of jurisdiction in March 2025; the constitutional challenge continued. More than a dozen federal court cases involved DOGE data access questions as of NPR’s April 2025 reporting ¹⁸.

Aram Moghaddassi served as the primary DOGE-affiliated official at SSA. Born February 1999, he graduated from UC Berkeley with a BS in Applied Mathematics in 2021 and worked at Neuralink (2021–2022) and X Corp/Twitter (December 2022 through early 2025). He held simultaneous appointments at SSA and DHS during the DOGE period, was the fourth CIO at SSA since January 20, 2025, and personally authorized both the NUMIDENT cloud transfer and DOGE members’ access to USCIS immigration verification systems. He was one of two SSA staffers referred for Hatch Act violations in December 2025 in connection with the Voter Data Agreement ^{19 8 20}.

John Solly served as a DOGE-affiliated SSA staffer who submitted the formal request to copy the NUMIDENT to cloud storage on June 10–11, 2025 — four days after the Supreme Court ruling. Michael Russo, another DOGE-affiliated CIO who preceded Moghaddassi at SSA, provided the initial June 25 authorization for Solly’s upload request ^{13 12}.

Charles Borges served as SSA Chief Data Officer and filed the whistleblower disclosure with the Office of Special Counsel on August 26, 2025, specifically naming the NUMIDENT cloud transfer. He resigned August 29. Greg Pearre, SSA’s career IT chief, was physically removed from his office for refusing to execute the Death Master File additions ^{4 16}.

Antonio Gracias, a Tesla and SpaceX board member, served as a DOGE-affiliated staff member at SSA during the same period ²¹.