For much of the last year, staffers who were initially part of the Department of Government Efficiency effort improperly accessed and shared sensitive personal data on millions of Americans. The Trump administration hasn't been able to answer how much data is at risk, what it was used for or why its unprecedented efforts to consolidate data are needed.
Those questions deepened last week, when the Social Security Administration said it discovered DOGE employees at the agency secretly and improperly shared sensitive personal data last year, but once again can't verify the extent of the violations. The admission came in a court filing last Friday, Jan. 16, that made numerous corrections to testimony given by top agency officials last year in a lawsuit alleging that DOGE was illegally accessing Social Security data.
In the filing, Justice Department lawyers representing the Social Security Administration wrote that two SSA DOGE employees were referred to a federal watchdog to determine whether they violated a law barring government employees from using their job for political activity, known as the Hatch Act.
The unnamed employees secretly conferred with a political advocacy group about a request to match Social Security data with state voter rolls to "find evidence of voter fraud and to overturn election results in certain States," the filing said. It remains unclear whether any data actually went to this group.
"Based on its review of records obtained during or after October 2025, SSA identified communications, use of data, and other actions by the then-SSA DOGE Team that were potentially outside of SSA policy and/or noncompliant with the District Court's March 20, 2025, temporary restraining order," DOJ attorneys wrote.
DOGE team members also circumvented IT rules to improperly share data on outside servers, sent a password-protected file of private records to DOGE affiliates outside the agency and had the ability to see data even after a judge temporarily halted access.
In acknowledging the breaches, the Social Security Administration also repeatedly indicated it still has little knowledge of what data was shared and offers little insight into how those incidents occurred.
Plaintiffs in the lawsuit against the Social Security Administration have asked the two courts currently considering the case to incorporate the "brazen misconduct" documented in the corrected testimony."The unauthorized release of Americans' personal data represents a profound violation of public trust," said Richard Fiesta, executive director of the Alliance for Retired Americans, which is a plaintiff in the case along with unions. "Retirees, workers, and families depend on the Social Security Administration to protect their most confidential information. We have a right to know what happened to our information, who had access to it, and what it was used for."
The revelation bolsters the claims of whistleblower Chuck Borges, who alleged that DOGE staffers repeatedly violated internal SSA policies and federal laws, including a decision to copy a dataset of more than 300 million Americans' sensitive information into a virtual database without following required security protocols.
"It's disappointing to be proven right," Borges, who was the chief data officer for SSA until his resignation in August, told NPR in response to the fling. (He has also filed a separate complaint alleging that he was retaliated against for raising concerns and was forced to resign to uphold his ethical and legal obligations.) "Yes, it's validating, but it's also disappointing because it puts American public data at risk."
He said the filing needs to be "a wake-up call to Congress" to investigate what data was accessed and what it was used for. An NPR review of the filings and other statements made by DOGE affiliates shines even more light on how Social Security data was used to advance dubious claims of fraud that have influenced key Trump administration policies on immigration, benefits and election security.
This includes the Department of Justice suing 25 states, primarily run by Democrats, for refusing to turn over nonpublic voter rolls that contain sensitive data, including Social Security numbers. Those states and voting rights groups argue that the Trump administration demand violates federal privacy laws and raises questions about what the data will be used for.
"This filing shows that the government's efforts are really designed not for what they say they are — to enforce federal law — but to chase down conspiracy theories about election fraud," said Brent Ferguson, director of strategic litigation at Campaign Legal Center, a nonprofit legal center that has intervened in some of the DOJ lawsuits against states to argue that the demand for sensitive voter data is not lawful.
The Social Security Administration did not respond to NPR's requests for additional information.
How DOGE quickly obtained — and misused — sensitive data
In the first month of President Trump's return to office, the Department of Government Efficiency effort sent representatives into federal agencies and demanded unprecedented access to data. At the Social Security Administration, that included roughly 10 people tasked with reviewing what the Trump administration said was massive fraud.
On Feb. 21, a group of plaintiffs filed the lawsuit arguing that DOGE's efforts to obtain Social Security data violated the law and jeopardized the safekeeping of highly confidential information the agency keeps.
They had reason to be concerned: According to the court filings made last week, on March 3 a DOGE team member sent an "encrypted and password-protected file" with the names and addresses of roughly 1,000 people to the Department of Homeland Security, copying DOGE adviser Steve Davis and a DOGE Department of Labor employee. "Despite ongoing efforts by SSA's Chief Information Office, SSA has been unable to access the file to determine exactly what it contained," the DOJ filing admits.
From March 7 to 17, the new filing acknowledged that SSA DOGE employees were using links to share data through an unapproved third-party server. The agency also said it was unable to determine what data was shared or if it still exists, while also standing by previous testimony that IT safeguards and security protocols ensure no outside servers are integrated with SSA systems and that access to data is controlled and tracked. None of that improper activity was publicly known at the time. But on March 20, a federal judge found there was enough other evidence available to temporarily block DOGE's work, calling the virtually unfettered access to data "tantamount to hitting a fly with a sledgehammer."
Borges' whistleblower disclosure alleged that the following day, DOGE officials possibly circumvented the temporary restraining order by directing career staff to restore access for two DOGE staffers and give them even more privileges than before. Those privileges were apparently cut off by the end of March 24. Last week's court filing appeared to at least partially corroborate that claim by offering a "clarification" that one DOGE staffer was searching the agency's master database of all Social Security numbers the morning of March 24, the same day officials told the court all access had been terminated.
At the same time, other federal courts also moved to revoke improper DOGE data access at the Treasury Department, Office of Personnel Management and Department of Education. Some of the same DOGE employees at the Social Security Administration were also given additional access to systems at other federal agencies.
Real data, dubious fraud claims
One reason DOGE and the Trump administration sought sweeping access to the government's data stores was to find alleged voter fraud, reflected in a series of moves made in March 2025.
Aram Moghaddassi, a DOGE engineer at the time, was granted access to a Department of Homeland Security data system known as SAVE that is used to check foreign-born individuals' citizenship and immigration status while he was working simultaneously at DHS and SSA.
"This access is absolutely critical to get detailed immigration status for non-citizen SSNs to detect fraud and improper payments," Moghaddassi wrote to SSA officials on March 15, 2025.
Later that week, Moghaddassi wrote to the deputy chief of staff for Florida Gov. Ron DeSantis from a DHS email account asking for help with the state's voting data, according to public records obtained by the nonprofit watchdog group American Oversight.
"We're working on SAVE access for Florida law enforcement now," he wrote. "On our end, Florida voter registration and voting data would be helpful immediately to check for voter fraud."
Moghaddassi did not respond to requests for comment from NPR.
Around the same time, according to the new disclosure from the Social Security Administration, two unnamed DOGE Social Security employees were approached by an unnamed political advocacy group earlier in the month with a request to analyze state voter rolls with a goal to "find evidence of voter fraud and to overturn election results in certain States."
One of the DOGE staffers signed a "Voter Data Agreement" and sent it to the advocacy group on March 24, allegedly without the knowledge of or approval of anyone else at the Social Security Administration. The filing said the agency has not yet seen evidence that data was shared.
The next day, March 25, Trump announced an executive order directing the Department of Homeland Security and DOGE to "review each State's publicly available voter registration list" and directed the Social Security Administration to take "all appropriate action" to make SSA databases with relevant information accessible to election officials verifying voter registrations.
In the following days, Antonio Gracias, a private equity investor and ally of DOGE leader Elon Musk who was working with DOGE in the Social Security Administration, would push spurious claims about noncitizen voting and the SSA enumeration-beyond-entry, or EBE program, a process that streamlines the Social Security card process for certain categories of immigrants.
Court filings at the time indicated Gracias' work was supposed to focus on death data and reducing improper payments. The temporary restraining order was also still in effect, raising questions at the time about how he acquired that data.
Gracias was copied on Moghaddassi's request for access to SAVE data, and at a March 30 rally in Wisconsin with Musk, claimed that a sample review of Social Security data with voter rolls found noncitizens who were registered and cast a ballot.
Gracias did not respond to interview requests from NPR via his company.
In a series of media appearances in the following weeks, Gracias gave shifting numbers of alleged noncitizens discovered by DOGE, from "well over a thousand" who voted in one state to "thousands" in a handful of states. But ultimately, he told reporters at the end of April that DOGE had referred just 57 cases for prosecution, and that they "may or may not have voted."
Voting experts say the type of data cross-checking Gracias and the unnamed political advocacy group seek to do is error-prone and legally questionable.
Gracias told a podcast that his team was looking at public voter registration lists, but those typically do not include full or partial Social Security numbers, making data matching much less precise.
"DOGE has repeatedly made massive data errors," David Bier, the director of immigration studies at the libertarian Cato Institute, told NPR last year. "I have some doubts that they've discovered anything more than maybe just some poor government data quality tracking or they don't understand the data they're looking at."
Formal ties with activists focused on voter fraud allegations
The Trump administration declined to identify the political advocacy group that two DOGE staffers communicated with in a way that potentially violated the Hatch Act. But the request aligns with the goals of several prominent election denial groups that have called for the Trump administration to use its data to force states to remove ineligible voters from their rolls.
In early March, one such group, True the Vote, made public "An Appeal to DOGE: Audit the Voter Rolls" in a newsletter and on social media posts on X that tagged Musk and DOGE's account.
"We have already aggregated and normalized state voter roll data, cross-referenced against multiple sources, and made our code available on GitHub for transparency," True the Vote founder Catherine Engelbrecht wrote. "By combining DOGE's access to federal databases with our assembled voter roll information, we can efficiently identify discrepancies and work toward a cleaner, more reliable election system."
The newsletter and posts on X note, "We've received word that this message is being carried forward. Godspeed."
True the Vote filed numerous lawsuits in swing states won by former President Joe Biden in 2020 making unsupported claims of election fraud and played a role in supplying data for the 2000 Mules documentary that was later pulled from the market and resulted in an apology from its creator, Dinesh D'Souza, for falsely accusing a Georgia man of voter fraud.
Englebrecht and True the Vote did not respond to multiple requests for comment from NPR.
Federal officials have also held meetings with activists who were involved in helping Trump try to overturn the 2020 election results. In June, a DHS official gave an online briefing to activist Cleta Mitchell's group, Election Integrity Network, about changes the Trump administration was making to the SAVE data system to identify noncitizens on state voter rolls — before details had been shared publicly.
Other figures who were involved in attempts to overturn the 2020 election results now serve in the administration. They include Pennsylvania activist Heather Honey, whose flawed research into the 2020 election was cited by Trump during his speech on the Ellipse on Jan. 6, 2021. She is now serving as the deputy assistant secretary for elections integrity at the Department of Homeland Security. Former Georgia Republican Party official Marci McCarthy, who pushed debunked claims about the state's voting machines, is the director of public affairs for CISA, the Cybersecurity and Infrastructure Security Agency.
For his part, the president continues to repeat the false claim that the 2020 election was rigged — as recently as Wednesday during his speech at the World Economic Forum in Davos — and said "people will soon be prosecuted for what they did."
DOGE's data has driven key Trump policies
The unprecedented push to consolidate data access by DOGE, the Trump administration's use of that data to justify policy changes, and what judges have said to be violations of privacy laws, extends beyond voting and Social Security.
In the year since Trump returned to office, DOGE has funneled disparate data from federal agencies in service of the administration's aggressive immigration enforcement crackdown.
The administration's efforts include taking steps to share sensitive Medicaid and IRS data with the Department of Homeland Security (though a federal court has blocked most IRS data sharing for now), as well as overhauling the SAVE data system into a centralized national citizenship tool that links to Social Security Administration records and is currently being expanded to include driver's license information. Borges, the SSA whistleblower, said after the Supreme Court lifted the ban on DOGE access at the Social Security Administration on June 6, DOGE employees transferred a live copy of the country's Social Security database into a cloud server without independent security controls, and Moghaddassi authorized its operation.
Borges resigned on Aug. 29. Soon after, Moghaddassi was publicly announced as the agency's co-chief information officer. As recently as Jan. 18, he was listed as the SSA's representative to the Chief Information Officers Council, but his name has since been removed from that website.
By mid-August, SAVE was updated to allow officials to check whether people are citizens or listed as deceased in federal records using name, date of birth and just the last four digits of a Social Security number. DHS has encouraged states to use SAVE to identify noncitizens on their voter rolls. NPR has reported instances of U.S. citizens being erroneously flagged by the tool since its rollout.
As for Borges, he hopes the American people will get full answers about what happened with their Social Security data. He told NPR that the data the agency maintains "is a very, very complete record of everybody's personal information" that can include clues to help identity thieves and bad actors. "And so that, if it were to get out, it would be a catastrophic risk to the American public."
He added, "The cavalier way in which they're treating this data is honestly quite appalling to me."
Copyright 2026 NPR
