Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
kittenhoarder 3 hours ago

1) Accessed Social Security PII after a court order supposedly cut that access.

SSA told the court that all DOGE access to personally identifiable information (PII) was revoked by March 24, 2025.

That turned out to be false: a DOGE member ran PII searches the morning of March 24, stopping only around 9:30 a.m.; access was not fully cut until about noon.

2) Sent SSA data to a DOGE official outside SSA.

On March 3, 2025, an SSA DOGE member emailed an encrypted file believed to contain names and addresses of ~1,000 people to Steve Davis, a senior advisor to the U.S. DOGE organization (and a DOL employee).

The file likely contained data derived from SSA systems of record.

It is unknown whether Davis received the password or accessed it.

3) Was given PII access during the TRO even though this was barred.

One DOGE member was granted access to 10 PII databases from March 26 to April 2 (never used, but still improper).

Another received a call-center profile that could access PII from April 9 to June 11; whether PII was viewed is unknown.

4) Had broader systems access than the court was told. SSA discovered additional access that had not been disclosed earlier, including:

Systems containing SSA employee records.

Systems controlling building/IT badge access.

Shared workspaces that could pool sensitive data.

A data-visualization tool that could reach PII.

Additional data-warehouse schemas.

5) Engaged in partisan election-related work inside SSA.

In March 2025, a political advocacy group asked two DOGE members to analyze state voter rolls to try to overturn election results.

One DOGE member signed a “Voter Data Agreement” as an SSA employee with that group on March 24, without agency approval.

SSA later referred this conduct to the U.S. Office of Special Counsel for possible Hatch Act violations.

6) Used an unapproved third-party server to share SSA data.

From March 7–17, 2025, DOGE members used Cloudflare links to transfer data.

Cloudflare is not authorized for SSA data storage; SSA still does not know what data were sent or whether it remains on that server.

thegreatpeter 3 hours ago | parent [-]

Still looking for the part about leaking the entire database of SSns