DOGE Put Everyone’s Social Security Data at Risk, Whistleblower Claims

As students returned to school this week, WIRED spoke to a self-proclaimed leader of a violent online group known as “Purgatory” about a rash of swattings at universities across the US in recent days. The group claims to have ties to the loose cybercriminal network known as The Com, and the alleged Purgatory leader claimed responsibility for calling in hoax active-shooter alerts.

Researchers from multiple organizations warned this week that cybercriminals are increasingly using generative AI tools to fuel ransomware attacks, including real situations where cybercriminals without technical expertise are using AI to develop the malware. And a popular, yet enigmatic, shortwave Russian radio station known as UVB-76 seems to have turned into a tool for Kremlin propaganda after decades of mystery and intrigue.

But wait, there’s more! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Since it was first created, critics have warned that the young and inexperienced engineers in Elon Musk’s so-called Department of Government Efficiency (DOGE) were trampling over security and privacy rules in their seemingly reckless handling of US government data. Now a whistleblower claims that DOGE staff put one massive dataset at risk of hacking or leaking: a database containing troves of personal data about US residents, including virtually every American’s Social Security number.

The complaint from Social Security Administration chief data officer Charles Borges, filed with the Office of the Special Counsel and reviewed by The New York Times, states that DOGE affiliates explicitly overruled security and privacy concerns to upload the SSA database to a cloud server that lacked sufficient security monitoring, “potentially violating multiple federal statutes” in its allegedly reckless handling of the data. Internal DOGE and SSA communications reviewed by the Times shows officials waving off concerns about the data’s lack of sanitization or anonymization before it was uploaded to the server, despite concerns from SSA officials about the lack of security of that data transfer.

Borges didn’t allege that the data was actually breached or leaked, but Borges emphasized the vulnerability of the data and the immense cost if it were compromised. “Should bad actors gain access to this cloud environment, Americans may be susceptible to widespread identity theft, may lose vital health care and food benefits, and the government may be responsible for reissuing every American a new Social Security number at great cost,” Borges wrote.

Nearly 10 months have passed since the revelation that China’s cyberespionage group known as Salt Typhoon had penetrated US telecoms, spying on Americans’ calls and texts. Now the FBI is warning that the net cast by those hackers may have been far broader than even previously thought, encompassing potential victims in 80 countries. The bureau’s top cyber official, Brett Leatherman, told The Wall Street Journal and The Washington Post that the hackers had shown interest in at least 600 companies, which the FBI notified, though it’s not clear how many of those possible targets the hackers breached or what level of access they achieved. “That global indiscriminate targeting really is something that is outside the norms of cyberspace operations,” Leatherman told the Journal. The FBI says that Salt Typhoon’s telecom hacking alone resulted in the spies gaining access to at least a million call records and targeted the calls and texts of more than a hundred Americans.

Days after Donald Trump’s Alaska summit with Vladimir Putin, the White House moved to gut its own intelligence ranks. A senior CIA Russia analyst—29 years in service and slated for a coveted overseas post—was abruptly stripped of her clearance, The Washington Post reported. She was one of 37 officials forced out under an August 19 memo from Director of National Intelligence Tulsi Gabbard. The order listed no infractions. To colleagues, it looked like a loyalty purge. The firings have reportedly unsettled the CIA’s rank and file, sending a message that survival depends on hewing intelligence to fit the president’s views.

On Monday, Gabbard unveiled what she calls “ODNI 2.0,” a restructuring that cuts more than 500 positions and shutters or folds whole offices she deems redundant. The Foreign Malign Influence Center and the Cyber Threat Intelligence Integration Center are being pared back, while the National Intelligence University will be absorbed into the Pentagon’s defense school. Gabbard says the plan will save $700 million a year and depoliticize intelligence. Critics noted, however, a fact sheet published by Gabbard on Monday itemized only a fraction of those savings, and tjeu warned that the overhaul could hollow out the very coordination ODNI was created post-9/11 to provide—discarding expertise and leaving the intelligence fragmented at a time of escalating threats.