John Solly asks staff in the Social Security Administration’s CIO office (then possibly under the leadership of Scott Coulter or Aram Moghaddassi) to create a cloud environment to upload the NUMIDENT data to. The stated reason was purported reason for the project was to improve the way that SSA exchanges data.

John Solly modifies his request to instead ask to transfer NUMIDENT data to a test environment. This is not entirely unheard of, but it’s considered a very insecure practice to move production data into a testing environment that might not be authorized for that. DOGE then amends their request again to ask for full admin access to SSA’s cloud environment.

A career official writes up a Risk Acceptance Request Form to share with Aram Moghaddassi and another unnamed career official in the office of the CIO at Social Security about DOGE’s request to have administrative access to a separate Virtual Private Cloud within the Amazon Web Services infrastructure at SSA. The official classifies this as high-risk due a proposal to copy NUMIDENT data to a developer environment with looser access controls and security measures. DOGE developers would also be able to make this data publicly accessible without following the Authority to Operate (ATO) requirements for any new public services and install software not approved for operation in SSA infrastructure.

Reportedly acting as a joint CIO at Social Security, Mike Russo overrides the concerns of junior staff in the Office of the CIO at the Social Security Administration and approves a request by John Solly to transfer NUMIDENT data into the new DOGE-controlled cloud environment.

Expressing concerns that the lax security of DOGE’s cloud could lead to the leak of every American’s social security number (and the requirement ro reissue new ones), the Chief Data Officer of the Social Security Administration contacts Edward Coristine and John Solly to request information about the security of DOGE’s cloud. He is never granted a reply and learns that the SSA Office of General Counsel (headed by DOGE member Mark Steffensen) has advised employees not to respond to his inquiries.