Millions of Americans’ Data Exposed by DOGE

A federal court filing has revealed a major data security breach involving Elon Musk’s Department of Government Efficiency (DOGE). Employees reportedly violated a court order by accessing and sharing the sensitive Social Security data of millions of Americans through unauthorized third-party servers. The filing also exposed coordination with a political advocacy group regarding voter data analysis. This incident, which puts highly sensitive personal information at risk, has led to calls for criminal prosecution and vindicated a government whistleblower who faced retaliation for raising concerns.

Story Snapshot

DOGE employees used Cloudflare, an unapproved third-party server, to share Social Security Administration data in defiance of court restrictions
Millions of Americans’ bank account numbers, health records, wage histories, and immigration status were placed at risk of exposure or theft
A DOGE associate signed a “Voter Data Agreement” with an unnamed political advocacy group seeking to analyze state voter rolls and overturn election results
SSA whistleblower Charles Borges faced retaliation after raising internal concerns that were later vindicated by the court filing
Two DOGE employees were referred for Hatch Act violations, with Congressional Democrats demanding criminal prosecution

Court Filing Exposes Unauthorized Data Access

The Department of Justice submitted a court filing to the U.S. District Court for the District of Maryland on January 17, 2026, disclosing that DOGE representatives accessed Social Security Administration systems containing personally identifiable information beyond their authorized scope. The filing revealed that DOGE employees used Cloudflare, a third-party internet services provider not approved for storing SSA information, to share sensitive data. SSA officials remained unaware of this usage until a November 2025 records review, and the agency cannot determine what data was shared or whether it still exists on the server. This represents a fundamental breach of data security protocols that every American should find deeply concerning.

Bombshell update in our case: The admin reveals DOGE accessed, shared, and may have even exported Americans' personal Social Security information to an external group despite a court order blocking it.

We will see them back in court. pic.twitter.com/pIgJu2BlM9

— Democracy Forward (@DemocracyFwd) January 21, 2026

Political Advocacy Group Coordination Raises Election Integrity Questions

On March 24, 2025, a DOGE associate signed a “Voter Data Agreement” with an unnamed political advocacy organization seeking to analyze state voter rolls in an apparent attempt to overturn election results. The SSA discovered this agreement during its records review in November 2025, eight months after the fact. This coordination between government employees with access to sensitive federal data and a political group focused on election outcomes raises serious constitutional concerns. The court filing does not identify the advocacy group, leaving Americans in the dark about who gained access to their information and for what specific purposes. This secrecy undermines public trust and accountability.

Whistleblower Vindicated After Retaliation

Charles Borges, the SSA’s former chief data officer, raised concerns about DOGE’s data handling practices internally before the AFL-CIO lawsuit was filed in February 2025. When Borges refused to accept explanations from DOGE appointees regarding data security risks, he was isolated, subjected to a hostile work environment, and experienced career-derailing retaliation. The January court filing vindicates his warnings, confirming that his allegations were accurate. Borges’ attorney, Debra S. Katz, stated that the filing is a concession from the federal government and called for appropriate action to protect Americans’ data and provide Borges with justice for violations of his rights. This case demonstrates why whistleblower protections matter—federal employees who raise legitimate concerns should be celebrated, not punished.

Federal Court Imposes Restrictions on DOGE Access

Labor groups, including the AFL-CIO, filed suit in February 2025 after discovering that DOGE operatives had gained access to private Social Security records without appropriate legal authority. The U.S. District Court for the District of Maryland issued a temporary restraining order in March 2025 limiting DOGE’s access to SSA data, and has since granted a preliminary injunction stopping DOGE’s access while the broader lawsuit proceeds. Despite the SSA’s previous assurances to the court in March 2025 that all DOGE associates had undergone required privacy and ethics training and that IT safeguards prevented integration of private or commercial servers, the records review revealed that DOGE representatives had already used Cloudflare to share data before the restraining order was issued. This undermines the agency’s credibility and raises questions about oversight.

Representatives John Larson and Richard Neal, the highest-ranking Democrats on the House Social Security and Ways and Means committees, called the disclosure “alarming” and demanded that DOGE appointees be prosecuted to the fullest extent of the law, characterizing the incident as potentially the largest data breach in U.S. history. The SSA has referred two DOGE employees for possible Hatch Act violations to the U.S. Office of Special Counsel. AFT President Randi Weingarten stated that the Trump administration’s admission confirms worst fears and that DOGE’s actions broke a basic bond of trust between government and citizens. While DOGE’s mission to identify government waste is commendable, that goal cannot justify compromising Americans’ most sensitive personal information or coordinating with political groups using federal data. Accountability and transparency must prevail.

Watch the report: DOJ: DOGE employee shared Social Security data