A former member of the Department of Government Efficiency (DOGE) at the Social Security Administration (SSA), John Solly, is at the center of allegations that he attempted to transfer sensitive SSA data—including personally identifiable information from the Numerical Identification System (NUMIDENT) and the “death master file”—to his new employer, Leidos, a major government contractor. The claims surfaced in a whistleblower complaint earlier this year, though Solly and Leidos deny any wrongdoing.
The controversy underscores growing concerns about data security within federal agencies and the potential for misuse of citizens’ private information. The SSA maintains NUMIDENT, a database containing comprehensive details from Social Security applications, including names, birth dates, and even racial identity. The “death master file” contains records of deceased individuals to prevent fraud, yet both datasets are extremely valuable to malicious actors if compromised.
The Allegations
According to the complaint, Solly allegedly stored SSA data on a thumb drive with the intention of sharing it with Leidos, which has secured billions in SSA contracts. He reportedly told coworkers that he expected a presidential pardon if his actions were unlawful. Solly’s personal website and LinkedIn profile have since been taken offline.
Both Solly, through his legal counsel, and Leidos have vehemently denied the accusations. Leidos conducted an internal investigation, including digital forensics, and claims no SSA data was found on their networks. They also state that Solly never used a storage device on his company-issued laptop. The SSA echoes these denials, asserting that the allegations are untrue and that the agency is focused on its digital transformation.
The Bigger Picture
This incident isn’t isolated. Last August, the SSA’s chief data officer, Chuck Borges, filed a separate complaint accusing DOGE of uploading SSA data to an unsecured cloud server. Borges resigned shortly after, citing obstruction of his duties. The DOGE team has been accused of questionable practices, including moving Social Security numbers of immigrants into the “death master file” to restrict their legal status.
These actions raise serious questions about oversight and accountability within DOGE. The unit’s rapid expansion within the US government in early 2025 has been met with scrutiny, and some contracts were later cut. The SSA has been modernizing its digital infrastructure, including the development of EDEN (Enterprise Data Exchange Network), an API system for real-time Social Security number verification. EDEN, while intended for fraud detection, could potentially be used to share SSA data with other agencies.
Data Sharing and Future Risks
The SSA already shares data with other federal entities. William Kirk, the Small Business Administration’s inspector general, testified in February about expanding data-sharing agreements, including through the SSA’s EDEN. The expansion of such systems increases the risk of breaches and misuse of sensitive information.
The allegations against Solly highlight a fundamental tension: the need for data sharing to combat fraud versus the imperative to protect citizens’ privacy. Without stricter controls and independent oversight, these risks will only grow as more federal agencies integrate sensitive databases.
The matter remains under investigation, but the incident underscores the vulnerability of US government data in an era of rapid technological expansion.
