SSA Head's Affirmation Regarding Whistleblower Allegation: No Unauthorized Database Access Occurred

The head of the agency asserts that their data protection protocols align with industry standards, countering allegations concerning DOGE matters made by the former Chief Data Officer of the SSA.


The Social Security Administration (SSA) is under scrutiny following a whistleblower complaint made by its former Chief Data Officer, Charles Borges. Prior to raising his concerns, Borges did not communicate with the security, data, and infrastructure groups who oversee such issues within the agency. The allegation centres on unauthorized access to the Numident database, a critical repository of personal details such as names, phone numbers, addresses, dates of birth, parents' names, Social Security numbers, and other personal information.

In his initial complaint, Borges alleged that DOGE-affiliated staffers requested access to a virtual private cloud within Amazon Web Services' (AWS) cloud infrastructure. However, the SSA never transferred the Numident database to a private cloud server within its AWS cloud. The SSA uses AWS as its cloud service provider, following federal procurement requirements, and the SSA's cloud infrastructure is compliant with the Federal Risk and Authorization Management Program (FedRAMP).

The SSA consistently monitors its systems for signs of unauthorized access or data compromise and did not find any related issues involving the Numident database. The acting chief information security officer assessed the allegation that Numident data was stored in an unsecured cloud environment and found it to be unfounded.

In response to concerns about the integrity of data at the SSA, Commissioner Frank Bisignano disputed the whistleblower complaint about the SSA's data security and described the process the agency followed after the whistleblower report. The SSA designated two executives to interview Charles Borges after he raised his concerns. The Senate Finance Committee Chair, Mike Crapo, has asked for information on whether the Numident data was compromised and what actions the agency took following the whistleblower report.

Borges claimed his concerns were 'rebuffed or ignored' by agency leadership. All employees go through a vetting process before getting access to agency information systems. The SSA complies with the Federal Information Security Management Act (FISMA) requirements, which mandate that federal agencies have comprehensive information security programs. Despite the allegations, the SSA maintains that it takes data security seriously and has robust measures in place to protect sensitive information. Charles Borges resigned days after filing the complaint, and the SSA is continuing its investigation into the matter.
