Back in March, Social Security officials swore to a federal judge that members of Elon Musk’s DOGE team never had access to individuals’ personal information held at the agency, and certainly could not have misused it even if they had.
The Social Security Administration has now taken all that back.
In a “notice of corrections” filed Jan. 16 in a federal lawsuit brought by public employee unions alleging privacy violations by SSA under Trump, the agency confessed that DOGE staffers indeed had the access that it had previously denied.
It acknowledged that DOGE staffers traded some of that information among themselves and transferred some of it to a non-Social Security server — and that even now Social Security can’t find out what information was raided.
At least some of the transfers took place while a court order barred DOGE from any data access. (Federal Judge Ellen Lipton Hollander of Maryland issued the order on March 20, but the Supreme Court suspended it on June 6, granting DOGE virtually unlimited access to the data while the lawsuit remains pending.)
The agency also admitted in its filing that two members of the DOGE team assigned to the Social Security Administration had contact with a political advocacy group seeking to overturn election results in several states, and that one signed a secret agreement to share Social Security data with the group.
The filing says the agency referred the two (unidentified) DOGE staffers to the Office of Special Counsel for possible violations of the Hatch Act, a 1939 law that bars civilian executive branch employees from engaging in certain political activities.
This in itself sounds like a joke. The Hatch Act is one of our most toothless federal statutes. Violators face nothing more serious than firing, reduction in salary grade, a ban on federal employment for up to five years, suspension, reprimand or a fine of up to $1,000. Since the DOGE staffers may already have left their government jobs, what would they care?
The Social Security Administration’s sudden reversal of its earlier denials about DOGE’s rampage through its most sensitive records rattled Social Security advocacy groups. It should horrify the 185 million American workers paying into Social Security and the 69 million Americans receiving benefits, all of whom used to have confidence that the agency had robust protections of their personal information, but now may be exposed to identity theft and other privacy violations.
Advocates have been railing almost since the advent of the Trump term about potential breaches of Social Security privacy regulations, especially since an agency whistleblower, former data officer Charles Borges, warned Congress and went public about DOGE’s violations of data security protocols.
“We have warned from the beginning that DOGE had no business accessing this data and that no good could come of it,” says Max Richtman, president of the National Committee to Preserve Social Security and Medicare.
“This week’s revelations are just the tip of the iceberg,” says Alex Lawson, executive director of Social Security Works, who urged Congress to launch an investigation. “We need to know exactly who has our data and what they are doing with it.”
I asked Social Security Commissioner Frank Bisignano, who took office in May, for his reaction to the disclosures, but received no reply. Shortly after assuming his post, Bisignano told the Wall Street Journal that he planned to deploy DOGE staffers to help Social Security personnel revamp customer service. “I look at them as a resource to help me,” he said, having described himself as “fundamentally a DOGE person.” I asked if he still felt that way, but got no reply to that question either.
The “corrections” document bristles with lawyerly dodges asserting that agency officials were telling the truth, as they knew it, when they denied that DOGE was rummaging through private data.
On March 24, for instance, then-Commissioner Leland Dudek declared to Judge Hollander that DOGE “never had access to SSA systems of record,” but also that DOGE staffers’ access to any personally identifiable information had been revoked as of that day.
In fact, throughout the morning of that very day one DOGE team member ran searches for personally identifiable information in a highly sensitive agency database. DOGE’s access to the file wasn’t terminated until noon.
“SSA believed that statement to be accurate at the time it was made, and SSA believes it to be accurate today,” the agency said in its latest filing, referring to Dudek’s declaration. It just wasn’t “accurate” during the period when it wasn’t true.
This is an obvious circumlocution. The government basically contends that willfully turning a blind eye to something you know is going on is tantamount to not knowing. That won’t do. Saying something is true when you know it to be false is lying.
The Social Security Administration had testimony in hand that on March 3 a DOGE staffer at the Social Security Administration emailed a file believed to contain names and addresses of 1,000 individuals to a senior DOGE official outside SSA.
Because the file is password-protected, however, “SSA has been unable to access the file to determine exactly what it contained.”
The agency also says that a DOGE team member was granted access to a system that allowed access to personal information for more than two months, from April 9 through June 11, well after Hollander issued her order.
Perhaps most seriously, the latest filing discloses that through early March, DOGE staffers were sharing Social Security data with each other via the third party service Cloudflare, which isn’t approved for storing Social Security data and isn’t subject to the agency’s privacy protections. The data may still be out there: Because it’s an outside service, “SSA has not been able to determine exactly what data were shared to Cloudflare or whether the data still exist on the server.”
Some of this contradicts the agency’s claim on March 24 that DOGE never had access to sensitive personal data and that no data had been transferred out of the agency’s privacy-protected sandbox. As early as March 7, the agency had reason to believe that wasn’t true: That’s the day former official Tiffany Flick filed a court declaration attesting to the DOGE team’s efforts to get that access. That should have been enough to tell agency officials that giving the judge a flat denial might not have been accurate, or wise.
The latest filing demolishes the timeworn claim that DOGE was infiltrated into Social Security in order to responsibly ferret out fraud and overspending. In truth, Musk and his DOGE minions mined Social Security data possibly for private purposes, while working to undermine confidence in the program.
As I reported earlier, however, their efforts to tell it like it is were confounded by their own ignorance.
For example, Musk’s eye-raising claim at a White House press briefing in March that benefit payments are being made to people as old as 150 years was the result of DOGE’s own incompetent misreading of Social Security’s software and was easily debunked; nevertheless, Musk’s claim was repeated in exaggerated form by Trump, a zombie factoid in the war on the social safety net.
Almost nothing in the corrective filing could come as a surprise to the Social Security Administration or the Department of Justice, which filed the document on Social Security’s behalf.
On March 7, former Social Security official Flick laid out in a court declaration how the agency was invaded by know-nothing DOGE employees who ran roughshod over agency rules and procedures designed to protect the confidentiality of private personal information about beneficiaries and their family members, as required by law.
Social Security master files that DOGE demanded and may have received, Flick stated, included “information about anyone with a Social Security number, including names, names of spouses and dependents, work history, financial and banking information, immigration or citizenship status, and marital status.”
Borges, in his whistleblower declaration, wrote of being sidelined by DOGE staffers when he objected to their access to agency databases. Prevented from doing his job of overseeing privacy and security protocols, he says he was ultimately forced into resigning.
The Social Security Administration now claims that it didn’t have a grasp of actions by the DOGE team that were “potentially outside of SSA policy” or in violation of Hollander’s order until it reviewed records starting in October. It didn’t notify the Department of Justice, which is managing the government’s defense of the lawsuit over alleged privacy violations, until Dec. 10.
As for what steps Social Security officials are taking to retrieve personal data that DOGE may have sent into the world, the filing says only that “a review of the SSA DOGE Team’s actions is ongoing.”
There is no excuse for the dereliction of duty by Social Security officials in all this. Bisignano’s appointment as commissioner provoked misgivings about his suitability for the job among Social Security advocates. A former banker and CEO of a big payment processing firm, he told agency staffers, supposedly in jest, that his first move after receiving the nomination was to consult Google to find out what the job was.
He hasn’t set the Social Security world on fire since his appointment. In October, he added the post of CEO of the Internal Revenue Service to his government portfolio, raising questions about whether he has any time at all to deal with Social Security.
His silence about the latest disclosures, unfortunately, speaks volumes, none of them good. If people can’t trust Social Security to keep their privacy inviolate, confidence in the entire program may well be shattered. Sadly, that would be consistent with conservatives’ long war against this most popular and important government program, but maybe that’s what Trump has wanted all along.
The post Feds now admit DOGE accessed private data at Social Security appeared first on Los Angeles Times.
