Hopefully, it will result in finally dropping the use of SSNs as a "secret" identifying a person's identity, and instead it will become an opaque ID which is safe to share.
Agreed. This could be a blessing in disguise. However, my money is on: nothing changes— it all simply keeps getting less secure, more complex and brittle until the heat death of modernity.
As I am someone from the EU, please explain to me what you can do with this SSN number?
I mean is it like a unique database row id which happens to be a non-changeable-lifetime password which is stored in multiple places in plain-text and you can use it to... "unlock some doors"? Make legally binding agreements remotely... ? Or what?
Or is it PII - privately identifying information - which is more of a privacy issue here?
I forgot to include the background to this court case. In 2025, the Chief Data Officer of the SSA, Mr Borges, whistleblew that DOGE had unlawfully uploaded a whole copy of NUMIDENT (the SSA datastore) to an insecure server. Here is the filing from Mr Borges.
1) Accessed Social Security PII after a court order supposedly cut that access.
SSA told the court that all DOGE access to personally identifiable information (PII) was revoked by March 24, 2025.
That turned out to be false: a DOGE member ran PII searches the morning of March 24, stopping only around 9:30 a.m.; access was not fully cut until about noon.
2) Sent SSA data to a DOGE official outside SSA.
On March 3, 2025, an SSA DOGE member emailed an encrypted file believed to contain names and addresses of ~1,000 people to Steve Davis, a senior advisor to the U.S. DOGE organization (and a DOL employee).
The file likely contained data derived from SSA systems of record.
It is unknown whether Davis received the password or accessed it.
3) Was given PII access during the TRO even though this was barred.
One DOGE member was granted access to 10 PII databases from March 26 to April 2 (never used, but still improper).
Another received a call-center profile that could access PII from April 9 to June 11; whether PII was viewed is unknown.
4) Had broader systems access than the court was told.
SSA discovered additional access that had not been disclosed earlier, including:
Systems containing SSA employee records.
Systems controlling building/IT badge access.
Shared workspaces that could pool sensitive data.
A data-visualization tool that could reach PII.
Additional data-warehouse schemas.
5) Engaged in partisan election-related work inside SSA.
In March 2025, a political advocacy group asked two DOGE members to analyze state voter rolls to try to overturn election results.
One DOGE member signed a “Voter Data Agreement” as an SSA employee with that group on March 24, without agency approval.
SSA later referred this conduct to the U.S. Office of Special Counsel for possible Hatch Act violations.
6) Used an unapproved third-party server to share SSA data.
From March 7–17, 2025, DOGE members used Cloudflare links to transfer data.
Cloudflare is not authorized for SSA data storage; SSA still does not know what data were sent or whether it remains on that server.
And yet there will be no justice for such egregious failures of duty and Elon will go forward to become a trillionaire. What a gaggle of idiots and fools this admin is.
Not that it was already out that with past breaches. One example was the Experian breach, anyone who applied for a loan was already out there. Never mind all the other too-many-to-count breaches that have occurred. Just now with DOGE we have one-stop shopping.
Now that the US Gov. got to join that club we know there will be no consequences. Until execs from companies like Experian and now the US Gov. face real jail time, this will happen over and over.
I have not heard of a large breach from a company for a while; are these so common that news orgs no longer bother to report them?
"in March 2025, a political advocacy group contacted two members of SSA’s DOGE Team with a request to analyze state voter rolls that the advocacy group had acquired. The advocacy group’s stated aim was to find evidence of voter fraud and to overturn election results in certain States."
fuoqi|24 days ago
christophilus|24 days ago
jve|24 days ago
chirau|24 days ago
https://whistleblower.org/wp-content/uploads/2025/08/08-26-2...
garyfirestorm|24 days ago
kittenhoarder|24 days ago
ubercore|24 days ago
sentrysapper|24 days ago
gigatexal|24 days ago
ChrisArchitect|24 days ago
https://news.ycombinator.com/item?id=46696654
jmclnx|24 days ago
trhway|24 days ago
mellosouls|24 days ago
jagged-chisel|24 days ago
josefritzishere|24 days ago
NedF|24 days ago
[deleted]
vikkymelani|23 days ago
[deleted]