Federal lawmakers are escalating calls for accountability after court filings confirmed that personnel tied to the Department of Government Efficiency, known as DOGE, improperly shared sensitive Social Security data using an unauthorized private server. The disclosures have intensified concerns about data security inside one of the federal government’s most critical agencies and could trigger criminal investigations, internal reforms, and broader debates over how federal agencies handle personal information in the age of cloud computing and artificial intelligence.

Two senior Democratic lawmakers are urging the Justice Department to investigate what they describe as serious violations of public trust. The Social Security Administration acknowledged in a Jan. 16 court filing that DOGE staff attempted to transfer sensitive records to an unnamed advocacy group seeking to “overturn election results” and that confidential data tied to approximately 1,000 Americans had been transmitted to workers associated with Elon Musk.

“The ‘DOGE’ appointees engaged in this scheme — who were never brought before Congress for approval or even publicly identified — must be prosecuted to the fullest extent of the law for these abhorrent violations of the public trust,” said House Social Security Subcommittee ranking member John Larson, a Connecticut Democrat, and Ways and Means Committee ranking member Richard Neal, a Democrat from Massachusetts, in a joint statement.

“Elon Musk and his ‘DOGE’ believe they are above the law and refused to appear before Congress. Republicans have blocked every effort to hold this administration accountable, voting down our resolutions demanding documents, even changing House Rules to shield ‘DOGE’ from accountability and protect themselves from having to take another vote on the issue,” Larson and Neal said.

Unauthorized Cloud Usage Sparks Security Questions

The controversy centers on DOGE workers using the third party cloud service Cloudflare in March 2025, which violated established Social Security Administration security policies. According to the court filing, the agency was not aware of the cloud usage until a recent internal review uncovered the activity.

“SSA did not know, until its recent review, that DOGE team members were using Cloudflare during this period. Because Cloudflare is a third-party entity, SSA has not been able to determine exactly what data were shared to Cloudflare or whether the data still exist on the server,” according to the court filing.

That uncertainty has alarmed cybersecurity experts and privacy advocates because Social Security databases contain highly sensitive personal information including Social Security numbers, birth dates, and benefit records. Even limited exposure could increase risks of identity theft, fraud, and foreign cyber exploitation.

The court filing echoes earlier warnings raised by Chuck Borges, the former chief data officer at the Social Security Administration, who alleged in a whistleblower complaint that DOGE employees uploaded a copy of the agency’s database into a cloud environment. Borges warned that the private data of more than 300 million Americans may have been exposed. He did not respond to requests for comment following the filing.

Justice Department and Hatch Act Referrals

The Social Security Administration said it notified the Justice Department of its concerns on Dec. 10, 2025 and informed the court roughly a month later. The agency also referred two DOGE employees to the Office of Special Counsel for potential violations of the Hatch Act, which restricts political activity by federal employees and aims to prevent political influence within government operations.

“SSA is entrusted with the sensitive data of hundreds of millions of Americans, and protecting that data from illegal use must be a top priority. Anyone involved must be held accountable and the Social Security Administration must take immediate steps to ensure nothing like this can happen again,” said Nancy LeaMond, AARP’s chief advocacy and engagement officer.

The Office of Special Counsel could pursue disciplinary actions if Hatch Act violations are confirmed, while the Justice Department may evaluate whether criminal statutes related to data misuse, election interference, or unauthorized access apply.

A Tumultuous Year for the Social Security Administration

The data breach controversy comes after a difficult year for the Social Security Administration, which has undergone sweeping operational changes under DOGE oversight. The initiative was originally framed as a cost cutting and efficiency effort aimed at reducing waste, fraud, and abuse across federal agencies.

Instead, the agency has experienced leadership turnover, workforce reductions, regional office closures, and ongoing customer service challenges, particularly within its phone support systems. Beneficiaries have reported longer wait times, delayed claims processing, and inconsistent service quality.

“These disclosures come after a tumultuous year for the Social Security Administration,” analysts note, as the agency struggles to modernize systems while managing rising retiree demand and staffing shortages.

Advocacy groups warn that operational instability combined with cybersecurity lapses could undermine public trust in one of the nation’s most relied upon benefit systems.

“This week’s revelations are just the tip of the iceberg. We need to know exactly who has our data and what they are doing with it. And those who have committed illegal acts must be prosecuted,” said Alex Lawson, executive director of advocacy group Social Security Works.

The Social Security Administration did not immediately respond to requests for comment following the filing.

Broader Implications for Federal Data Security

Beyond the immediate political fallout, the case highlights deeper vulnerabilities in federal data governance as agencies increasingly rely on cloud services, automation tools, and AI driven workflows. Many federal systems still operate on aging infrastructure while simultaneously experimenting with modern digital platforms, often creating gaps in oversight and compliance.

Cybersecurity professionals have repeatedly warned that unauthorized cloud usage is one of the fastest growing vectors for data leaks, particularly when employees bypass formal approval processes. Even reputable cloud providers can become liability risks when systems are not properly monitored, encrypted, or audited.

This episode may accelerate congressional pressure for tighter cloud usage controls, expanded audit requirements, and stricter penalties for unauthorized data transfers across all federal agencies.

Political and Market Sensitivities

The controversy also intersects with broader political tensions surrounding election integrity, federal agency transparency, and the role of private sector figures in government operations. Any suggestion that government data was shared with politically motivated groups raises concerns that could trigger additional oversight hearings and legislative reforms.

For investors, the story reinforces rising cybersecurity compliance risks across government contractors, cloud infrastructure providers, and data management vendors. Companies that provide cloud services, cybersecurity software, and government IT modernization solutions may face increased regulatory scrutiny but also growing demand as agencies move to tighten security standards.

At the same time, heightened regulatory pressure could increase compliance costs for technology firms operating in regulated government environments.

What Comes Next

Lawmakers are expected to continue pressing for document releases, testimony, and independent investigations. The Justice Department’s review will determine whether criminal charges or enforcement actions follow. Meanwhile, federal agencies may be forced to reassess how they authorize cloud access, monitor employee data usage, and enforce cybersecurity policies.

For the tens of millions of Americans who rely on Social Security, the episode underscores the growing importance of data protection as benefits systems become more digitized and interconnected.

The outcome of this case could shape future rules governing how federal agencies manage sensitive data, how private technology partners interact with government systems, and how accountability is enforced when security protocols break down.