Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
DOGE Accused of Creating Live Copy of the Country’s Social Security Information in Unsecured Cloud Environment

DOGE Accused of Creating Live Copy of the Country’s Social Security Information in Unsecured Cloud Environment

Posted on August 27, 2025August 27, 2025 By CWS

A whistleblower disclosure filed immediately alleges that the Division of Authorities Effectivity (DOGE) inside the Social Safety Administration (SSA) covertly created a stay copy of the nation’s total Social Safety dataset in an unsecured cloud surroundings. 

Chief Information Officer Charles Borges warned that, if malicious actors achieve entry, over 300 million Individuals may face id theft, lack of vital advantages, and the monumental activity of re-issuing each Social Safety quantity.

Key Takeaways1. DOGE copied 300M SSNs into an unsecured AWS cloud.2. An automatic ETL pipeline synced stay SSN knowledge regardless of a court docket order.3. The lapse dangers mass id theft and calls for zero-trust safety.

Allegations of Unsecured Cloud Storage

In response to the protected disclosure submitted to the U.S. Workplace of Particular Counsel, DOGE officers bypassed customary Data Safety and Compliance (ISC) controls, together with encryption-at-rest, role-based entry management (RBAC), and steady audit logging, when provisioning a cloud occasion containing stay Social Safety Quantity (SSN) data. 

Borges notes that neither unbiased vulnerability assessments nor penetration checks have been performed earlier than spinning up the Amazon Net Providers (AWS) S3 bucket storing PII, nor have been strict Identification and Entry Administration (IAM) insurance policies enforced. 

The cloud surroundings lacked multi-factor authentication (MFA) on API endpoints and didn’t make use of a safe key administration service (KMS), rendering the SSN repository susceptible to credential stuffing or API key leakage.

Courtroom data present {that a} lawsuit filed in March 2025 resulted in a short lived restraining order stopping DOGE from accessing manufacturing SSN methods till June 6, 2025. 

Nevertheless, inside logs reviewed by Borges point out that DOGE engineers continued to synchronize knowledge through an automatic ETL pipeline—utilizing Python scripts and the SSA’s inside RESTful APIs, successfully cloning the stay database exterior SSA’s Safety Operations Middle (SOC).

Borges claims that DOGE’s actions represent severe mismanagement and abuse of authority by bypassing the SSA’s Change Administration Board (CMB) and violating federal Cloud Safety recommendation (NIST SP 800-144).  

“This operation not solely breaches the Privateness Act but additionally exposes the general public to a major cyber-attack floor,” Borges wrote in his inside memo. 

One SSA govt reportedly acknowledged the chance, stating that the company may have to re-issue SSNs en masse ought to the info be compromised.

Andrea Meza, counsel for the whistleblower, urged Congress and the Workplace of Particular Counsel to launch rapid oversight. 

She emphasised that mitigation measures equivalent to imposing zero-trust structure, rotating entry keys, and deploying real-time intrusion detection methods (IDS) have to be carried out directly to guard Individuals’ most delicate identifiers.

Cyber Security News Tags:Accused, Cloud, Copy, Countrys, Creating, DOGE, Environment, Information, Live, Security, Social, Unsecured

Post navigation

Previous Post: Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra
Next Post: Salesloft OAuth Breach via Drift AI Chat Agent Exposes Salesforce Customer Data

Related Posts

CISA Warns of Citrix Netscaler 0-day RCE Vulnerability Exploited in Attacks CISA Warns of Citrix Netscaler 0-day RCE Vulnerability Exploited in Attacks Cyber Security News
Threat Actors Actively Hacking Websites to Inject Malicious Links and Boost their SEO Threat Actors Actively Hacking Websites to Inject Malicious Links and Boost their SEO Cyber Security News
WebRAT Malware via GitHub Repositories Claim as Proof-of-concept Exploits to Attack Users WebRAT Malware via GitHub Repositories Claim as Proof-of-concept Exploits to Attack Users Cyber Security News
WhatsApp’s New Username Feature Enhances Privacy WhatsApp’s New Username Feature Enhances Privacy Cyber Security News
Threat Modeling for DevSecOps Practical Guide Threat Modeling for DevSecOps Practical Guide Cyber Security News
Microsoft Unveils a New Tool to Migrate from Slack to Microsoft Teams Microsoft Unveils a New Tool to Migrate from Slack to Microsoft Teams Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Phishing Campaign Exploits AnyDesk for Espionage
  • GitLost Flaw Exposes GitHub Repos via AI Workflow
  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark