“Commissioner [Frank] Bisignano and the Social Security Administration take all whistleblower complaints seriously,” the company stated. “SSA stores all personal data in secure environments that have robust safeguards in place to protect vital information. The data referenced in the complaint is stored in a long-standing environment used by SSA and walled off from the Internet. High-level career SSA officials have administrative access to this system with oversight by SSA’s Information Security team. We are not aware of any compromise to this environment and remain dedicated to protecting sensitive personal data.”

The Government Accountability Project letter priced estimate a July 15 e-mail in which Moghaddassi apparently licensed the NUMIDENT cloud task. “I have determined the business need is higher than the security risk associated with this implementation and I accept all risks associated with this implementation and operation,” Moghaddassi was priced quote as stating.

Borges declares that the permission was an “abuse of authority” and “gross mismanagement,” which the production of the cloud environment possibly broke numerous federal laws. “By knowingly placing a High-Value Asset containing data on over 450 million people in an uncontrolled environment, the requestors, apparently Moghaddassi and possibly others, violated statutory duties under FISMA [Federal Information Security Modernization Act],” the letter stated.

Moghaddassi formerly worked for Elon Musk-led business Neuralink and X, and worked for DOGE at the Department of Labor, the letter stated. He ended up being the CIO of the SSA in June.

The Government Accountability Project letter likewise argues that the SSA might have breached the Computer Fraud and Abuse Act “by facilitating unauthorized access to protected computer systems. Further, Moghaddassi’s self-authorization of risk acceptance potentially violated 44 U.S.C. § 3554(b), FISMA’s requirements for continuous monitoring and risk management, by formally accepting risks that exceeded federal guidelines for protecting sensitive government information.”

Borges, a Navy veteran, has actually worked for numerous federal companies and ended up being the CDO of the SSA in January of this year. As CDO, “Borges is responsible for the safety, integrity, and security of the public’s data at SSA,” and his “position requires full visibility into data access, data exchange, and cloud-based environments used for SSA production systems,” the letter stated.