On Friday, Chuck Borges, the chief data officer at the Social Security Administration (SSA), sent a resignation email to his colleagues, stating he had been forcibly removed from his position following a whistleblower complaint. Borges alleged that the SSA was mishandling sensitive agency data, which prompted his complaint earlier that week.
In his resignation letter obtained by WIRED, Borges expressed regret over his departure, stating it was involuntary due to actions taken against him by the SSA that made it impossible for him to fulfill his duties legally and ethically. Shortly after the email was sent, it vanished from employee inboxes, raising questions about its sudden disappearance. Some SSA staff speculated that it was removed because it contained critical remarks about agency leadership.
According to the Federal Records Act of 1950, agencies are typically required to maintain internal records, including emails. Despite this, Borges’ email was reported missing for an unknown reason, and it remains unclear if it was ever restored.
Borges’ resignation comes just days after he lodged a whistleblower complaint with the U.S. Office of Special Counsel. In that complaint, he accused the Department of Government Efficiency (DOGE) of improperly uploading sensitive SSA data, including information related to millions of Social Security numbers, to an unsecure cloud server. Such actions, he argued, violate laws and expose sensitive data to potential breaches.
In his resignation correspondence, Borges detailed alarming projects and incidents that he claimed could lead to violations of federal statutes and regulations. He emphasized concerns that sensitive data could be accessed unauthorized or improperly shared with other agencies.
The SSA has defended its data security practices. In a statement, SSA spokesperson Nick Perrine asserted that the data in question was stored in secure environments with robust safety measures to prevent unauthorized access.
Borges’ complaint included evidence indicating that a DOGE affiliate had instructed an SSA employee to transfer vital data from a master database to a virtual private cloud managed by Amazon Web Services. He cited this action as a significant breach of protocol.
As of now, requests for comments from Borges and the SSA regarding this incident have gone unanswered.
