The Senate Finance Committee’s top Democrat and Republican want answers on how the Social Security Administration (SSA) secures its data after a court filing revealed that the Department of Government Efficiency (DOGE) may have improperly handled sensitive personal data.
“As Chairman and Ranking Member of the Senate Committee on Finance, which has sole Senate jurisdiction over the Social Security program, we take very seriously the SSA’s stewardship of any personally identifiable information (PII) in its purview,” Sens. Mike Crapo, R-Idaho, and Ron Wyden, D-Ore., wrote to Social Security Commissioner Frank Bisignano in a letter sent Wednesday.
“The latest disclosures raise numerous questions about the scope of the then-DOGE Team’s activities, primarily during the first few months of 2025,” the letter continued.
Last year, reports of improper procedures called into question DOGE’s data handling and access across federal agencies. Those concerns surfaced again with a Jan. 16 court filing, which made numerous corrections to testimony given by top SSA officials last year in a lawsuit that alleged DOGE illegally accessed Social Security data.
The new filing stated that “SSA identified communications, use of data, and other actions by the then-SSA DOGE Team that were potentially outside of SSA policy” and noncompliant with a temporary restraining order (TRO) issued by a federal judge last March. That TRO blocked DOGE access to any SSA system containing PII.
The corrected testimony revealed that two SSA DOGE employees were referred to a federal watchdog to determine whether they broke the Hatch Act – a law preventing government employees from using their job for political motives – after they agreed to a request from a political advocacy group to match Social Security data with state voter rolls.
That request was made to “to find evidence of voter fraud and to overturn election results in certain States,” the filing said, though Justice Department lawyers representing SSA could not verify whether that data was shared.
The new court document also stated that DOGE SSA team members shared data through an unapproved third-party server in early March 2025, and that SSA has been unable to determine what data was transferred or whether it still exists.
An internal SSA review also flagged post-TRO instances where team members were granted access to systems containing PII. An encrypted file likely containing the names and addresses of about 1,000 people was emailed to outside advisers, though SSA said it can’t confirm whether it was opened.
In response to the new information, Crapo and Wyden requested that SSA brief Senate Financial Committee staff and provide written answers to questions by Feb. 10 on how the agency plans to tighten controls over the collection, handling, and use of PII.
The senators also asked SSA to explain how an employee was able to share data with an outside organization without apparent oversight; what information may have been accessed or disclosed; and what safeguards will prevent a repeat.
Last summer, Chuck Borges, the former chief data officer at SSA, published whistleblower claims that alleged systemic data security violations, unlimited access to highly sensitive environments, and potential violations of SSA security protocols and federal privacy laws. Bisignano denied those allegations in a letter to Congress in September.
A recent statement from Borges’ attorney said, the new court filing proved “that many of Mr. Borges’ allegations are accurate.”
In an emailed statement shared with MeriTalk, an SSA spokesperson said that the agency “is committed to safeguarding the personal data of every American,” and added that it “will maintain engagement with Congress about our data protection efforts.”