From the Washington Post:
The Social Security Administration’s internal watchdog is investigating a complaint that alleges a former U.S. DOGE Service employee claimed he had access to two highly sensitive agency databases and planned to share the information with his private employer — a claim that, if true, would constitute an unprecedented breach of security protocols at an agency that serves more than 70 million Americans. …
According to the disclosure, the former DOGE software engineer, who worked at the Social Security Administration last year before starting a job at a government contractor in October, allegedly told several co-workers that he possessed two tightly restricted databases of U.S. citizens’ information, and had at least one on a thumb drive. The databases, called “Numident” and the “Master Death File,” include records for more than 500 million living and dead Americans, including Social Security numbers, places and dates of birth, citizenship, race and ethnicity, and parents’ names. The complaint does not include specific dates of when he is said to have told colleagues this information, but at least one of the alleged events unfolded around early January, according to the complaint. While working at DOGE, the engineer had approved access to Social Security data.
According to the complaint, he allegedly told the whistleblower that he needed help transferring data from a thumb drive “to his personal computer so that he could ‘sanitize’ the data before using it at [the company.]” The engineer told colleagues that once he had removed personal details from the data, he wanted to upload it into the company’s systems. He told another colleague, who refused to help him upload the data because of legal concerns, that he expected to receive a presidential pardon if his actions were deemed to be illegal, according to the complaint. ….
The whistleblower filed the complaint with the inspector general in January. When The Post contacted the agency and the company in January, both said they had not heard of the complaint. Both said they subsequently looked into the allegations and did not find evidence to confirm the claims. The company said it had conducted a “thorough” two-day internal investigation and concluded the assertions were unsubstantiated. Reached this week, both declined further comment. …
Yes, of course I trust the investigation. It is being performed by SSA’s OIG, a well-respected division of workers and some of the best to have look into it. Hardly a group of ethical slouches, as (yet another) sensational headline suggests.
ReplyDeleteThose of us with strong reading comprehension skills can readily see that he’s referring to the company’s purported investigation into misconduct that was allegedly intended to benefit that very company.
DeleteI trust the competence and objectivity of the OIG agents on the case. I don't trust the political weasels that will be packaging-slash-burying their report.
ReplyDeleteSounds like SSA should be purchasing lifetime credit monitoring and identity protection services for every enumerated individual. This individual and company that has this data should be prosecuted to the fullest of the law.
ReplyDeleteNah. All our crap has already been leaked. No one cares and fraud is quite rare.
DeleteSo the question is whether the Agency that broke every normal IT access standard in existence in order to give unethical temporary employees access to data they shouldn't have access to will then do a thorough investigation into whether they allowed the largest data security breach in the history of the world to happen or not?
ReplyDeleteFat chance.
The legal and fiduciary implications of admitting wrongdoing sank this investigation before it ever happened and quite frankly, the whistleblower should have documented and sat on this information until an administration with integrity took over. This will end up in the bucket of the other 10,000 things this administration did wrong and never resurface.
https://youtube.com/shorts/bpVzi4MhQi8?si=Nk1PnMzaCpB6yZ3K
ReplyDelete