Michelle Anderson
Assistant Inspector General for Audit
Social Security Administration
6401 Security Boulevard
Baltimore, MD 21235
I write to request that you initiate a comprehensive investigation of Department of Government Efficiency (DOGE) activities at the Social Security Administration (SSA) following concerning disclosures made by multiple whistleblowers, and by the Department of Justice (DOJ) in AFSCME v. SSA.
According to a recent DOJ filing in AFSCME v. SSA, SSA determined that prior to the TRO, a member of the SSA DOGE Team sent sensitive SSA data to Steve Davis, a DOGE colleague at the Department of Labor (DOL), and the Department of Homeland Security (DHS). SSA, while unable to access this file and verify its contents, believes it contained personally identifiable information (PII) derived from SSA systems for approximately 1,100 people. The court filing also states that SSA uncovered communications between SSA’s DOGE Team and a private partisan political advocacy group seeking to compare SSA data against state voter rolls to find evidence of voter fraud and to overturn election results in certain states. Further, a DOGE Team member signed and executed a “Voter Data Agreement” with this advocacy group that was not reviewed or approved by the proper SSA authorities. A recent HSGAC minority report also described SSA whistleblower disclosures alleging that DOGE-affiliated employees at the agency were granted permission to upload personal data on all Americans, including Social Security numbers (SSNs), to a cloud environment without any verified security controls or standard agency visibility into their use of that data.
An internal SSA risk assessment of this DOGE-initiated project determined that the likelihood of a data breach with “catastrophic adverse effect” is between 35 and 65 percent. I also write to request that you address these allegations publicly and comprehensively, and that you provide documentation to show that SSA is in compliance with applicable privacy and data security laws to ensure the American public’s data is secure.
It is your job to investigate and ensure this critical data is safe. [bold in the original]
Lambert here: This is a sternly worded letter. Most salient questions follow:
6. Why did SSA initiate a review of DOGE activities at the agency in November 2025 and what were the findings of that review? How was this review internally managed and conducted?
8. Did SSA produce Privacy Impact Assessments, updates to its System of Records, and all other documentation as required by law before initiating the transfer of NUMIDENT data for the project initiated by John Solly on June 10, 2025?
Add new comment