This isn't a hack. It's worse than a hack.
Most data breaches involve criminals breaking through a firewall. What happened at the Social Security Administration is something different — and far more dangerous. According to a whistleblower complaint now under active investigation by the SSA's own Inspector General, a former DOGE software engineer allegedly copied databases containing the personal records of nearly every living American onto a personal thumb drive and walked out the door.
We're not talking about a partial breach of one company's customer database. The NUMIDENT database — the target of these allegations — contains Social Security numbers, dates of birth, birthplaces, and parents' names for essentially every person who has ever been assigned a Social Security number in the United States. That's you. Your parents. Your kids.
The SSA's Inspector General notified congressional committee leaders on March 6, 2026 that it is reviewing an anonymous complaint about "potential misuse of SSA data by a former DOGE employee." Senator Ron Wyden didn't mince words, calling the allegations a description of "one of the largest known data breaches in American history."
The SSA OIG has confirmed the investigation is open. Congressional oversight committees have been formally notified. The Washington Post first reported that the former DOGE engineer allegedly claimed "God-level access" to SSA systems and retained data on a personal device intended to be shared with a private-sector employer. You do not need to wait for official notification to protect yourself.
What was allegedly taken — and why it matters for your credit
Your Social Security number is the master key to your financial life. With your SSN and date of birth — both allegedly included in this dataset — a bad actor can:
- 01Open new credit accounts in your name — cards, personal loans, auto loans, even mortgages. Every fraudulent account tanks your credit score and takes months or years to dispute off your report.
- 02File a fraudulent tax return claiming your refund before you do. IRS resolution averages 21 months. Your refund is frozen the entire time.
- 03Sell your data on the dark web to other criminals — meaning even if one fraudster is stopped, your information keeps circulating indefinitely.
- 04Manipulate the Death Master File — the companion database allegedly also accessed — to have you flagged as deceased, which can freeze your credit, bank accounts, and benefits overnight.
The "God-level access" claim is the part that should terrify you
This isn't just about what was allegedly already taken. The whistleblower complaint includes the allegation that the former DOGE engineer claimed to still possess "God-level" access to Social Security Administration systems — meaning the ability to edit and manipulate data at will, even after leaving government employment.
"Once that data has left the building, you cannot close Pandora's box again. The consequences could be generational."
— Former SSA Chief Data Officer Charles Borges, on the scope of the breach allegations
The SSA responded that "the allegations by a singular anonymous source have been strongly refuted by all named parties." But Congress isn't satisfied. Democratic and Republican lawmakers alike have demanded answers, and the Inspector General's investigation is ongoing. The OIG declined further comment to protect the integrity of the probe.
Here's the hard truth: whether or not every allegation turns out to be true, the responsible move — the only move — is to act as if your data is already compromised. Because earlier SSA disclosures from January 2026 confirmed that DOGE employees did improperly share sensitive personal data in 2025, and that the SSA could not verify the full extent of the violations.
Your NMD action plan — do this today, not tomorrow
Credit freezes are free. IRS IP PINs are free. Fraud alerts are free. There is no excuse to wait. Here's the exact playbook:
| Action | Where | Time | Priority |
|---|---|---|---|
| Freeze your credit at all 3 bureaus | Equifax, Experian, TransUnion websites | 15 min total | Do First |
| Get an IRS Identity Protection PIN | IRS.gov/ippin | 10 min | Do First |
| Freeze your credit at ChexSystems & NCTUE | ChexSystems.com, NCTUE.com | 10 min | This Week |
| Place a fraud alert at any one bureau (auto-spreads) | Any major bureau | 5 min | This Week |
| Pull all 3 free credit reports and scan for new accounts | AnnualCreditReport.com | 20 min | This Week |
| Set up SSA "my Social Security" account before someone else does | ssa.gov/myaccount | 10 min | This Month |
Don't just freeze your credit at Equifax, Experian, and TransUnion. Also freeze at LexisNexis, Innovis, and SageStream. Lenders, insurance companies, and landlords use these alternative bureaus — and most people never think to freeze them. A credit freeze at the Big 3 does nothing to stop someone from opening an account with a lender that pulls LexisNexis instead.
Already seeing fraud? Here's how to fight back fast
If you check your credit reports and find accounts you didn't open, move immediately. Under the FCRA, you have the right to block fraudulent accounts from your credit report with a single identity theft report. Here's the sequence:
- 1File an identity theft report at IdentityTheft.gov (FTC). This generates a legal document you can use to dispute every fraudulent account.
- 2Submit the FTC report to each bureau with a dispute requesting Section 605B block of fraudulent accounts. Bureaus must comply within 4 business days.
- 3Contact each creditor directly with the FTC report. Request immediate closure and confirmation that they will not collect on the fraudulent account.
- 4File a police report if the fraud is significant. Some creditors require it and it strengthens your legal position if the matter escalates.
- 5Use ScoreBoost by NMD to track your dispute progress, monitor for new fraud, and get step-by-step guidance through the whole process.
This investigation is ongoing — but your exposure is real right now. The SSA itself confirmed DOGE employees shared sensitive data improperly in 2025. A whistleblower says it went much further. Either way, a credit freeze costs you nothing and protects everything. Do it today. The 20 minutes you spend now is nothing compared to 21 months fighting IRS fraud or years disputing accounts off your credit report.
ScoreBoost by NMD Has Your Back
Get AI-powered credit monitoring, dispute guidance, and identity protection tools built for exactly this moment. Don't wait for a fraud alert letter — be ahead of it.