Senate Finance leaders press SSA on data practices following DOGE court filing
Both the Republican and Democratic leaders of the Senate Finance Committee are calling on the Social Security Administration to clarify its practices for personally identifiable information after new details emerged about the so-called Department of Government Efficiency’s handling of sensitive information.
In a letter sent Tuesday to SSA Commissioner Frank Bisignano, Senate Finance Committee Chair Mike Crapo, R-Idaho, and ranking member Ron Wyden, D-Ore., wrote that a recent court filing about the then-DOGE’s team’s handling of PII at the beginning of the Trump administration is raising new questions about the scope of the group’s work at the agency.
The Justice Department in a Jan. 16 court filing revealed that an SSA records review of the agency’s former DOGE team found that “communications, use of data and other actions” were determined to be “potentially outside of SSA policy/ and/or noncompliant” with a previous court order that limited DOGE’s access to sensitive data housed in agency systems.
That order from a federal court judge was originally issued last March in a lawsuit filed by the AFL-CIO and other labor groups against the SSA over concerns about DOGE’s access to data.
The DOJ filing pointed to an instance in which DOGE members allegedly shared data through a third-party Cloudflare server that was “not approved for staffing SSA data.” SSA officials did not know that DOGE representatives used Cloudflare for this prior to the records review, the filing said.
Wyden and Crapo requested that the SSA provide staff with a briefing on the disclosure, including details on how the agency uncovered the information during its review and the steps the agency has taken or plans to take to ensure compliance with PII policies going forward.
The lawmakers also had questions about the agency’s ability to identify all the information regarding DOGE’s data use, as Congress continues to scrutinize the group.
“Since early 2025, SSA has engaged in multiple information collection efforts in response to requests from Congress and the courts, yet new information appears to have just come to light in late 2025. What steps is the SSA taking to ensure the agency will be able to identify all information needed to fully address Congressional inquiries going forward?” Crapo and Wyden wrote.
The DOJ filing quickly sparked scrutiny earlier this month, especially over a detail regarding two DOGE members’ communications with a political advocacy group. SSA’s review found a March 2025 request from this group to two DOGE members to analyze state voter rolls to find evidence of voter fraud to overturn election results, the DOJ said. One of these DOGE members, in his capacity as an agency employee, signed and sent the group a “Voter Data Agreement,” the filing added.
When reached for comment in response to Tuesday’s letter, an SSA spokesperson wrote in a statement that the agency is “committed to safeguarding the personal data of every American.”
“Our systems are continuously monitored by career professionals in accordance with federal and industry security standards,” the spokesperson added. “We will maintain engagement with Congress about our data protection efforts.”
The DOJ filing marked the latest in a string of allegations surrounding DOGE associates at the SSA. Over the summer, the agency’s former chief data officer published a whistleblower complaint alleging that DOGE associates stored a copy of the agency’s massive Numident database and uploaded it to a vulnerable custom cloud environment without authorization.
An attorney for whistleblower Charles Borges said in a statement last week that the DOJ’s filing was a concession from the federal government that his allegations were proven accurate.
