Social Security Commissioner Frank Bisignano has addressed concerns from lawmakers following whistleblower allegations that the federal agency mishandled sensitive personal data.
Newsweek has contacted the Social Security Administration (SSA) for comment via email outside regular working hours.
Why It Matters
Last week, Senate Finance Committee Chair Mike Crapo requested clarification on whether the SSA systems—including its Numident database—had been compromised. Numident is a database of Social Security applications and personal details, including the name of the applicant, place and date of birth, citizenship, race, ethnicity, parents’ names, Social Security numbers, phone numbers, and addresses.
The issue stems from an August whistleblower complaint filed by Charles Borges, the former SSA chief data officer, and the Government Accountability Project. Borges’ complaint accused SSA Chief Information Officer Aram Moghaddassi and the Department of Government Efficiency (DOGE) of violating agency policies to “create a live copy of the country’s Social Security information in a cloud environment that circumvents oversight.”
Borges also alleged that the agency failed to adequately protect personally identifiable information in a “vulnerable” cloud environment, citing poor access controls, data management and storage practices. He also said his concerns were ignored, creating a hostile workplace that led to his resignation in late August.
What To Know
In his September 10 letter regarding the matter, Crapo pressed for answers on whether the Numident database had been improperly stored or accessed.
Bisignano responded on Tuesday, writing in a letter addressed to the Senate Finance Committee chair: “I have been protecting personally identifiable information (PII) my entire career, and it has been and will continue to be my highest priority here at SSA. I appreciate the opportunity to address the concerns raised.”
He said that based on the agency’s review, Numident data had not been “accessed, leaked, hacked, or shared in any unauthorized fashion” as the whistleblower complaint said.
Bisignano said the SSA immediately reviewed Borges’ claims in August, interviewing him and bringing in senior security and legal staff. The agency’s acting chief information security officer concluded that the data was not in an unsecured cloud but in a secured, continuously monitored server, Bisignano wrote in the letter, adding that the agency first began storing SSA data in secure cloud systems in late 2015 or early 2016.
He also said the agency followed strict federal security rules, with 24/7 monitoring and risk assessments to protect personal data. On employee access, Bisignano said SSA staff were vetted, permissions were tied to job duties and multiple approvals were required before anyone could handle sensitive data. He said the Numident database had never been moved to a private cloud.
Privacy Concerns at the SSA
The privacy and security of Americans’ personal information has been a growing concern since the Trump administration allowed the DOGE team to work inside several federal agencies, including the SSA. Former officials have warned about DOGE’s access to and handling of sensitive records.