revelation article

I don’t think there’s a lot of money to be made in the com,” Rivage lamented. “I’m not buying Heztner [servers] to set up some com VPN.”

May 11, 2024,

The code, using outdated and inexpensive AI models, produced results with glaring mistakes. For instance, it hallucinated the size of contracts, frequently misreading them and inflating their value. It concluded more than a thousand were each worth $34 million, when in fact some were for as little as $35,000.

The Disaster Relief Fund portion of FEMA has migrated their financial management to FEMA GO as well, meaning DOGE has the names, addresses, and social security numbers for anyone who has applied for disaster relief, according to sources within FEMA.

But some of the datasets that Schutt is included in are much more concerning than normal data breaches because they're from stealer logs

But he also might have gotten hacked within the last few months.

If the chairs of congressional committees are not interested in holding hearings that take a serious look at the administration’s actions, the minority members should hold their own oversight panels. This will help shine a spotlight on corruption or abuse of power in the executive branch and put pressure on the administration to act in accordance with the law.

Passing a recissions package does not count — that lets the administration steer the ship when Congress should be behind the wheel.

Indeed, former SSA Acting Commissioner Michelle King resigned in February after refusing to hand over unprecedented amounts of sensitive, protected information—

nterprise Data Warehouse, Numident, Master Beneficiary Record, and Supplemental Security Record.

Beginning around March 14, 2025, DOGE officials were given improper and excessive access to multiple schemas and databases inside the Enterprise Data Warehouse (EDW),

PSNAP and SNAP MI

Additionally, these profiles concerningly included equipment pin access and write access. 36 Equipment pin access means that instead of a user accessing data through a personal pin identifier, which would make the accessor’s actions traceable to a user, an equipment pin i

March 17, 2025, the EDW team discovered that users had been given access to data that was reportedly not authorized through normal approval channels. 38

March 20, 2025, the Social Security Administration received the TRO prohibiting DOGE and its affiliates from access to SSA’s data and revoked VPN access accordingly. 39 The following day, on Friday, March 21, 2025, the EDW team initially complied with proper procedures by revoking data access through the established SAM request process. 40 However, within 24 hours of the court-ordered revocation, DOGE officials appeared to have circumvented the judicial mandate. On the evening of Friday, March 21, 2025, according to information later received by Mr. Borges, senior career EDW officials who have system administrative privileges received instructions to undo the court-ordered access restrictions for two DOGE employees. 41

the requested access was for new and expanded privileges beyond the privileges that were in place at the time of the TRO, totaling forty-two different profiles, including specifically identified privileges that should not have been granted.

This emergency restoration of access raises concerns that the TRO may have been violated and may have also violated federal statutes, potentially including: 18 U.S.C. § 1030 (Computer Fraud and Abuse Act) by facilitating unauthorized access to protected computer systems; 5 U.S.C. § 552a (Privacy Act of 1974) by providing unauthorized access to systems of records containing personally identifiable information without proper justification or approval; 44 U.S.C. § 3551 et seq. (Federal Information Security Modernization Act) by circumventing established security controls and procedures designed to protect federal information systems; 5 U.S.C. Appendix (Inspector General Act) as proper oversight procedures were systematically bypassed, potentially impeding the Inspector General's ability to conduct effective audits and investigations of the agency's operations; and potentially constituted 18 U.S.C. § 371

(Conspiracy) to circumvent a federal court order.

On June 10, 2025, John Solley asked SSA CIO professionals to create a cloud environment 46 to which SSA’s Numerical Identification System or “NUMIDENT” data could be transferred. 47 T

On June 11, 2025, the request appeared to have changed to a request to transfer NUMIDENT to a test environment.

ater that morning, it became clear that DOGE’s request again changed, at this point, they wanted full administrative access to the cloud environment.

ne 10-11 request to have administrative access to “their own Virtual Private Cloud (VPC, “cloud”) within the SSA Amazon Web Services – Agency Cloud Infrastructure (AWS-ACI).”

he requested VPC project does not have an “Authority to Operate (ATO)” 54 to ensure proper security controls are in place;

evelopers (presumably DOGE) planned to import NUMIDENT into the cloud, and because AWS-ACI is an extension of the SSA network, any other SSA production data and PII could also be imported; “unauthorized access to the NUMIDENT would be considered catastrophic impact to SSA beneficiaries and SSA programs” (emphasis added);

Because (DOGE) developers, and not DIS, would have administrative access to this cloud, developers would be able to create publicly accessible services, meaning that they would have the ability to allow public access to the system and therefore the data in the system;

ranting (DOGE) developers administrative access would allow them to initiate any AWS service though agency policy required that only DIS could manage such services, meaning that the developers could install services in the cloud not approved for government use. 55

he risk assessment recommended that the cloud project 1) not use production data, 2

irst, whether DOGE could have administrative access to the requested cloud environment, and second, whether NUMIDENT production data should be moved to this cloud environment.

On June 24, 2025, CIO professionals confirmed that DOGE was given administrative access to the cloud. 60

On June 25, 2025, CIO officials elevated a further developed request to Michael Russo. 61 At this point, it appeared that John Solly was requesting that NUMIDENT production data be copied from an environment managed by DIS, per policy, to the DOGE specific cloud environment that lacked independent security controls, and that this requested access bypassed proper SAM protocol.

In late June 2025, it was reported to Mr. Borges that no verified audit or oversight mechanisms existed over the DOGE cloud environment set up outside of DIS control, and no one outside the former DOGE group had insight into code being executed against SSA’s live production data

On July 15, 2025, Aram Moghaddassi authorized a “Provisional Authorization to Operate” apparently for the NUMIDENT cloud project stating, “I have determined the business need is higher than the security risk associated with this implementation and I accept all risks associated with this implementation and operation.”

Moghaddassi circumvented independent security monitoring and authorized himself to “assume the risk” of holding a copy of the American public’s social security data in a potentially unsecured cloud environment. In reality, it is the American people who assume the risk.

Placing production NUMIDENT data in cloud environments without independent security controls violates these maintenance requirements. This action also potentially violated 18 U.S.C. § 1030, the Computer Fraud and Abuse Act, by facilitating unauthorized access to protected computer systems.

On August 6, 2025, Mr. Borges made internal disclosures to his superiors regarding the concerns outlined above. In that discussion, Mr. Borges commented that re-issuance of Social Security Numbers to all who possess one was a potential worst case outcome, and one of his superiors noted that possibility, underscoring the risk to the public.

On August 11, 2025, Mr. Borges contacted Edward Coristine, John Solly, and Mickie Tyquiengco, the Executive Officer in the OICO Front Office, to request information about data security concerns including: • The safety of SSA datasets in the cloud, particularly the AWS based VPCs between June and July 2025, which would encompass the NUMIDENT cloud project initiated by John Solly on June 10, 2025;

That same day, in response to Mr. Borges’ August 8, 2025 request for information about concerns raised, a CIO employee confirmed that while two cloud access accounts owned by Aaram Moghaddassi were created per SSA policy, they are not managed by the Division of Infrastructure Services (DIS), are self-administered, and include access to both test and live data environments. 67

serves to support Mr. Borges’ reasonable belief that the creation of the DOGE specific, self-administered cloud environment lacking independent security controls and hosting a copy of NUMIDENT constitutes an abuse of authority, gross mismanagement, substantial and specific threat to public health and safety,

Moreover, to date, Mr. Borges has not received a response to his August 7, 2025 request for information from Coristine

Furthermore, Mr. Borges is aware that the Office of General Counsel has advised employees not to respond to his inquiries.

If we are concerned about the security and privacy of Americans’ sensitive data, we need a hearing examining the myriad ways that DOGE is violating cybersecurity and privacy laws and making our personal information easier to steal or use against us.

This perfect storm leaves Americans’ sensitive data vulnerable to breaches, exploitation, and surveillance.  Americans—not private companies, hackers, or Elon Musk and DOGE—deserve to own their data and make the decision about how, where, and if their sensitive information is used.

The governments of the People’s Republic of China, the Russian Federation, North Korea, and Iran conduct persistent cyberattacks against the United States.  China’s President Xi Jinping has made clear that dominating the AI race and achieving global supremacy in biotechnology are critical to future geopolitical power, and obtaining vast troves of Americans’ sensitive data is a key component of his strategy.

Failing to safeguard Americans’ data from these hostile actors would not only be a critical violation of privacy but also a national security catastrophe.

The Administration has spent the past five months weakening our leading cybersecurity and consumer protection agencies and purging the federal watchdogs who ensure government works for the people’s interests.

Its broad mandate across government, seemingly nonexistent oversight, and the apparent lack of operational competence of its employees have demonstrated that DOGE could create conditions that are ideal for cybersecurity or data privacy incidents that affect the entire nation.

These include systems that process all federal payments, including Social Security, Medicare and the congressionally appropriated funds that run the government and its contracting operations.

DOGE has given conflicting information about what data it has accessed, who has that access, and most importantly — why.

In one order last week blocking DOGE's access to Social Security data, U.S. District Judge Ellen Lipton Hollander of Maryland said the government "never identified or articulated even a single reason for which the DOGE Team needs unlimited access to SSA's entire record systems, thereby exposing personal, confidential, sensitive, and private information that millions of Americans entrusted to their government."

On Monday, a federal judge in Maryland temporarily halted DOGE from accessing data of millions of union members in a lawsuit against the Office of Personnel Management, the Treasury Department and Education Department after finding the agencies shared private information with DOGE affiliates "who had no need to know the vast amount of sensitive personal information to which they were granted access."

In the Social Security Administration lawsuit, Hollander found several DOGE staffers "were granted access to SSA systems before their background checks were completed or their inter-agency detail agreements were finalized." One of those is Bobba, who was given access to the master data warehouse at SSA that includes the Master Beneficiary Record, Supplemental Security Record and Numident files containing "extensive information about anyone with a social security number," according to filings in the case.

Not even lawyers for the government can account for when and how DOGE staffers received access to sensitive databases. In a Labor Department lawsuit, Judge John D. Bates notes that "defendants themselves acknowledge inconsistencies across their evidence" regarding DOGE

sent an email with a spreadsheet containing PII to two United States General Services Administration officials," according to an audit of his email account submitted in one court filing.

"a real possibility exists that sensitive information has already been shared outside of the Treasury Department, in potential violation of federal law."

Officials were given hours to fire hundreds of employees, and workers were shut out of email as termination notices arrived. The terminations were part of a broader group of dismissals at the Department of Energy, where reportedly more than a thousand federal workers were terminated.

civilian agency that conducts a wide variety of nuclear security missions, including servicing the nation's nuclear weapons when they're not on missiles and bombers, and making extensive safety and security upgrades of the warheads.

Some workers were responsible for making sure emergency response plans were in place at sites like a giant facility in Texas, where thousands of dismantled warheads are stored. Others worked to prevent terrorists and rogue nations from acquiring weapons-grade plutonium or uranium. Many had "Q" clearances, the highest level security clearance at the Department of Energy.

In the final days leading up to the firings, managers drew up lists of essential workers and pleaded to keep them.

Multiple current and former employees at the agency told NPR that scores of people were notified verbally they were fired. Many had to clear out their desks on the spot. "It broke my heart," says one employee who was among those who left the agency's Washington, D.C., headquarters.

The NNSA termination letter did not appear to make any specific reference to the highly-classified nuclear mission conducted by the agency.

But others at the agency who were told they were terminated never received written notification.

Nuclear security is highly specialized, high-pressure work, but it's not particularly well paid, one employee told NPR. Given what's unfolded over the past 24 hours, "why would anybody want to take these jobs?" they asked.

Despite having the words "National" and "Security" in its title, it was not getting an exemption for national security, managers at the agency were told last Friday, according to an employee at NNSA

Just days before, officials in leadership had scrambled to write descriptions for the roughly 300 probationary employees at the agency who had joined the federal workforce less than two years ago.

Managers were given just 200 characters to explain why the jobs these workers did mattered.

"Per OPM [Office of Personnel Management] instructions, DOE finds that your further employment would not be in the public interest,"

information will go into an LLM (Large Language Model), an advanced AI system that looks at huge amounts of text data to understand, generate, and process human language, the sources said. The AI system will determine whether someone’s work is mission-critical or not

reason the email requested no links or attachments was because of the plan to send the information to the AI system, the sources said.

Washington Post reported in February that DOGE was using artificial intelligence to analyze spending at the Education Department, citing two people familiar with the project.