Social Security Administration Vendor Cyber Rating & Cyber Score

ssa.gov
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Social Security provides financial protection for our nation’s people, supporting more than 64 million individuals and families. With retirement, disability, and survivors benefits, Social Security is one of the most successful anti-poverty programs in our nation's history. We are there throughout life’s journey, helping secure today and tomorrow. We are one of the largest independent agencies in government, with over 58,000 team members throughout the country. Our talented workforce includes employees who serve customers directly, as well as those who support their work in diverse fields. Through compassion and dedication, our team members help promote the economic security of the country. They are the heart of our agency, providing high-quality, personalized service to people in their communities, nationwide, and even living abroad. Our workforce is our greatest strength at SSA. We place high priority on developing, engaging, and empowering our team members. Through career development programs, our team members have access to a wide range of training and professional development opportunities. We rely on our team members’ feedback to improve how we administer our programs and to create an environment of trust and cooperation across our organization. We also offer an excellent benefits package to our team members. To learn more about a career with SSA, visit SSA.gov/careers.

Social Security Administration A.I CyberSecurity Scoring

SSA

Company Details

Linkedin ID:

ssa

Website:

http://www.ssa.gov/careers/

Employees number:

46,616

Number of followers:

194,555

NAICS:

92

Industry Type:

Government Administration

Homepage:

ssa.gov

IP Addresses:

Scan still pending

Company ID:

SOC_1118191

Scan Status:

In-progress

AI scoreSSA Risk Score (AI oriented)

Between 0 and 549

https://images.rankiteo.com/companyimages/ssa.jpeg
SSA Government Administration
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
Get a Score Increase
globalscoreSSA Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/ssa.jpeg
SSA Government Administration
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Social Security Administration

Critical
Current Score
474
C (Critical)
01000
6 incidents
-71.33 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

APRIL 2026
474
MARCH 2026
469
FEBRUARY 2026
538
Breach
04 Feb 2026 • Social Security Administration: The Social Security data breach is a national-security disaster that could hurt Americans for the rest of their lives: whistleblower
Potential Massive Social Security Data Breach

**Former SSA Chief Data Officer Warns of Massive Social Security Data Breach** A whistleblower has raised alarms over a potential national security disaster involving the exposure of sensitive Social Security data for every American with or who ever had a Social Security number (SSN). Chuck Borges, the former chief data officer of the Social Security Administration (SSA), resigned in August and filed a complaint alleging that employees of the Department of Government Efficiency (DOGE) uploaded a copy of the SSA’s entire database to an unsecured cloud environment. The breach, if confirmed, could expose names, SSNs, and addresses critical personal data vulnerable to fraud and identity theft. Borges described the incident as a "national-security disaster" with lifelong consequences for affected individuals, urging congressional investigation. The SSA has not publicly confirmed the breach, but the allegations highlight systemic risks in government data handling. The incident underscores growing concerns over cybersecurity lapses in federal agencies and their potential long-term impact on millions of Americans.

522
critical -16
SSA1770710407
Incident Details -
Type
Data Breach
Attack Vector
Insider Threat / Misconfiguration
Vulnerability Exploited
Unsecured cloud environment
Impact
Data Compromised: Names, SSNs, addresses Systems Affected: SSA database Brand Reputation Impact: High Legal Liabilities: Potential Identity Theft Risk: High
Data Breach
Type Of Data Compromised: Personally Identifiable Information (PII) Number Of Records Exposed: Entire SSA database (all Americans with an SSN) Sensitivity Of Data: High Personally Identifiable Information: Names, SSNs, addresses
Regulatory Compliance
Legal Actions: Potential congressional investigation
Investigation Status
['Ongoing (allegations not confirmed by SSA)']
Post Incident Analysis
Root Causes: Systemic risks in government data handling, unsecured cloud environment
References
Blog URL Source URL
JANUARY 2026
536
DECEMBER 2025
531
NOVEMBER 2025
590
OCTOBER 2025
639
Breach
07 Oct 2025 • Social Security Administration (SSA)
Senate Democrats Warn DOGE Puts Federal Data at Risk Due to Unverified Security Controls

Senate Democrats, led by Senator Gary Peters, have raised alarms over the Social Security Administration (SSA) failing to secure federal data despite clear warnings. An internal SSA risk assessment revealed up to a **65% chance of a catastrophic breach**, yet critical systems remain operational **without verified security controls**. The exposed vulnerabilities threaten sensitive federal data, including personally identifiable information (PII) of millions of Americans—such as Social Security numbers, financial records, and employment histories.The lack of mitigating measures heightens the risk of **large-scale data exfiltration by cybercriminals or state-sponsored actors**, potentially leading to identity theft, financial fraud, or systemic disruptions in federal services. Given the SSA’s role in administering benefits to retirees, disabled individuals, and survivors, a successful breach could erode public trust, trigger legal repercussions, and impose massive remediation costs. The scenario aligns with long-standing concerns about **legacy IT infrastructure** in government agencies, where outdated systems and delayed patches create exploitable gaps. Without immediate intervention, the SSA’s negligence could culminate in a **devastating cyber incident** with cascading effects on national security and citizen welfare.

518
critical -121
SSA5102551100825
Incident Details -
Type
data_at_risk potential_breach
Vulnerability Exploited
lack_of_verified_security_controls high_risk_assessment_ignored
Impact
federal_data_systems Operational Impact: high_risk_of_catastrophic_breach Brand Reputation Impact: potential_damage_due_to_public_warning Identity Theft Risk: high
Response
public_warning_by_Senate_Democrats
Data Breach
Sensitivity Of Data: high (federal data) Personally Identifiable Information: likely (federal data context)
Recommendations
implement_verified_security_controls address_SSA_risk_assessment_findings mitigate_catastrophic_breach_risk
Investigation Status
['ongoing (public warning issued)']
Stakeholder Advisories
Senate_Democrats_warning
Initial Access Broker
federal_data
Post Incident Analysis
lack_of_verified_security_controls ignored_high-risk_assessment
References
Blog URL Source URL
OCTOBER 2025
636
Breach
01 Oct 2025 • U.S. Social Security Administration: DOGE employee stole Social Security data and put it on a thumb drive, report says
Former DOGE Engineer Accused of Stealing Sensitive U.S. Citizen Data from Social Security Administration

**Former DOGE Engineer Accused of Stealing Sensitive U.S. Citizen Data from Social Security Administration** A whistleblower complaint, reported by *The Washington Post*, alleges that a former software engineer from Elon Musk’s Department of Government Efficiency (DOGE) stole highly sensitive personal data from the U.S. Social Security Administration (SSA) and stored it on a thumb drive. The ex-employee, who worked at the SSA last year before joining a government contractor in October, reportedly told colleagues he possessed two restricted databases **Numident** and the **Master Death File** containing records on over **500 million living and deceased Americans**. The data allegedly includes Social Security numbers, birth details, citizenship status, race, ethnicity, and parental information. The whistleblower also claimed the former DOGE engineer had **"God-level" access** to SSA systems, raising concerns about unauthorized data extraction. While the SSA’s inspector general is investigating the complaint, an SSA spokesperson denied the allegations, calling the report **"fake news"** and accusing *The Washington Post* of sensationalism. The inspector general’s office has not yet commented. This incident is the latest in a series of controversies surrounding DOGE’s involvement with the SSA. In January, two DOGE members were accused of accessing and sharing restricted Social Security numbers to assist an advocacy group allegedly seeking to overturn election results. Last year, another whistleblower warned that DOGE uploaded **hundreds of millions of SSA records** to an insecure cloud server, and a federal judge blocked DOGE from accessing SSA systems, citing an unauthorized **"fishing expedition"** for fraud. Since the Trump administration installed DOGE members at the SSA last year, at least a dozen technical staff and engineers have worked at the agency, though their roles and activities were reportedly not disclosed to other SSA employees. The ongoing investigations highlight persistent concerns over data security and oversight within the agency.

639
critical --3
SSA1773182549
Incident Details -
Type
Data Breach
Attack Vector
Insider Threat
Vulnerability Exploited
Excessive Privileges (God-level access)
Impact
Data Compromised: Highly sensitive personal data (SSNs, birth details, citizenship status, race, ethnicity, parental information) Systems Affected: U.S. Social Security Administration (SSA) databases (Numident, Master Death File) Brand Reputation Impact: Potential reputational damage to SSA and DOGE Legal Liabilities: Potential regulatory and legal actions Identity Theft Risk: High (exposure of SSNs and PII)
Response
Communication Strategy: SSA spokesperson denied allegations, calling the report 'fake news'
Data Breach
Social Security numbers Birth details Citizenship status Race Ethnicity Parental information Number Of Records Exposed: 500+ million Sensitivity Of Data: High Data Exfiltration: Allegedly stored on a thumb drive Personally Identifiable Information: Yes
Investigation Status
['Ongoing (SSA Inspector General investigating)']
Post Incident Analysis
Root Causes: Excessive privileges, lack of oversight, potential insider threat
References
Blog URL Source URL
SEPTEMBER 2025
636
AUGUST 2025
706
Breach
01 Aug 2025 • Social Security Administration: The Social Security data breach is a national-security disaster that could hurt Americans for the rest of their lives: whistleblower
Alleged Massive Social Security Data Breach

**Former SSA Chief Data Officer Alleges Massive Social Security Data Breach, Calls for Congressional Investigation** A whistleblower has raised alarm over what he describes as a "national-security disaster" involving the exposure of sensitive Social Security Administration (SSA) data. Chuck Borges, who served as the SSA’s chief data officer until his resignation in August, alleges that employees of the Department of Government Efficiency (DOGE) uploaded a copy of the SSA’s entire database containing names, Social Security numbers, and addresses of every American with a Social Security number to an unsecured cloud environment. Borges, who filed a formal complaint, claims the breach stems from government mismanagement and could leave millions vulnerable to fraud for decades. The incident, if confirmed, would represent one of the most severe data exposures in U.S. history, affecting current and former Social Security number holders. The whistleblower has called for a congressional investigation, warning that the fallout could have lifelong consequences for affected individuals. The SSA has not publicly confirmed the breach, and details about the timeline, scope, and potential misuse of the data remain unclear. The allegations highlight growing concerns over federal data security practices and the risks of improper cloud storage oversight.

629
critical -77
SSA1770244647
Incident Details -
Type
Data Breach
Attack Vector
Improper Cloud Storage Oversight
Vulnerability Exploited
Unsecured cloud environment
Impact
Data Compromised: Names, Social Security numbers, and addresses of every American with a Social Security number Systems Affected: Social Security Administration (SSA) database Brand Reputation Impact: Severe Legal Liabilities: Potential Identity Theft Risk: High
Data Breach
Type Of Data Compromised: Personally Identifiable Information (PII) Number Of Records Exposed: Entire SSA database (all Americans with a Social Security number) Sensitivity Of Data: High Personally Identifiable Information: Names, Social Security numbers, addresses
Regulatory Compliance
Legal Actions: Potential congressional investigation
Investigation Status
['Ongoing (allegations not confirmed by SSA)']
Post Incident Analysis
Root Causes: Government mismanagement, improper cloud storage oversight
References
Blog URL Source URL
JULY 2025
706
JUNE 2025
795
MAY 2025
702
MARCH 2025
716
Cyber Attack
03 Mar 2025 • Cloudflare, U.S. Department of Justice and Social Security Administration: DOGE might have misused Social Security data, Trump administration admits
DOGE Employees Alleged Election Interference and Data Misuse

**DOGE Employees Under Scrutiny for Alleged Election Interference and Data Misuse** The U.S. Department of Justice (DOJ) has revealed in a court filing that members of Elon Musk’s **"DOGE"** team at the Social Security Administration (SSA) engaged in undisclosed communications with an unnamed advocacy group aiming to **overturn election results in certain states**. The interactions allegedly included a signed agreement that may have involved **matching Social Security data with state voter rolls** a potential violation of federal privacy laws. The DOGE employees have been **referred for possible Hatch Act violations**, which bars government officials from using their positions for political activities. According to DOJ officials, the advocacy group approached the SSA team with a request to **analyze voter rolls for evidence of fraud**, though the exact states targeted remain unspecified. Further concerns arose over the **unauthorized use of third-party servers**, including Cloudflare, to handle sensitive data contrary to a court ruling restricting access to such information. A senior adviser to Musk and the DOGE team, **Steve Davis**, was reportedly copied on a **March 3, 2025, email** containing a password-protected file with the private data of approximately **1,000 individuals** from SSA systems. It remains unclear whether the data was accessed or exploited. The DOJ stated that **no evidence suggests broader SSA awareness** of the communications or the **"Voter Data Agreement"** beyond the involved DOGE members. The investigation is ongoing, with no further details on potential legal consequences or the advocacy group’s identity.

697
medium -19
CLOUSDSSA1769016836
Incident Details -
Type
Data Misuse, Election Interference, Unauthorized Data Access
Attack Vector
Insider Threat, Unauthorized Data Sharing
Vulnerability Exploited
Lack of access controls, Unauthorized third-party server usage
Motivation
Political interference, Election fraud investigation
Impact
Data Compromised: Social Security data, Voter rolls, Private data of ~1,000 individuals Systems Affected: SSA systems, Third-party servers (Cloudflare) Operational Impact: Potential legal and regulatory scrutiny, Reputational damage to SSA Brand Reputation Impact: High (SSA and DOGE team) Legal Liabilities: Potential Hatch Act violations, Privacy law violations Identity Theft Risk: High (exposure of private data)
Response
Law Enforcement Notified: Yes (DOJ investigation)
Data Breach
Type Of Data Compromised: Social Security data, Voter rolls, Personally identifiable information (PII) Number Of Records Exposed: ~1,000 Sensitivity Of Data: High Data Encryption: Password-protected file Personally Identifiable Information: Yes
Regulatory Compliance
Hatch Act Federal privacy laws Legal Actions: Potential (DOJ investigation ongoing)
Investigation Status
['Ongoing']
Post Incident Analysis
Root Causes: Insider threat, Lack of oversight on data sharing, Unauthorized third-party server usage
References
Blog URL Source URL
JANUARY 2025
795
Breach
01 Jan 2025 • U.S. Social Security Administration: Whistleblower Alleges Massive Social Security Data Breach Involving Millions Of Records
Whistleblower Exposes Major Social Security Administration Data Breach

**Whistleblower Exposes Major Social Security Administration Data Breach** A whistleblower has revealed a significant data breach at the U.S. Social Security Administration (SSA), alleging that a former employee copied sensitive records onto a personal thumb drive. The complaint states the individual had full system access, raising concerns about the potential exposure of millions of confidential records. The incident highlights vulnerabilities in internal access controls and the risks posed by insider threats. While the exact scope of the breach remains unclear, the allegations underscore the need for stricter safeguards around highly sensitive government data. The SSA has not yet publicly confirmed the breach or its impact.

713
critical -82
SSA1773217593
Incident Details -
Type
Data Breach
Attack Vector
Insider Threat
Vulnerability Exploited
Insufficient internal access controls
Impact
Data Compromised: Sensitive records (potentially millions) Brand Reputation Impact: Potential reputational damage Identity Theft Risk: High
Data Breach
Type Of Data Compromised: Sensitive records, personally identifiable information Number Of Records Exposed: Potentially millions Sensitivity Of Data: High Data Exfiltration: Copied onto a personal thumb drive Personally Identifiable Information: Yes
Lessons Learned
Need for stricter safeguards around highly sensitive government data and improved internal access controls
Recommendations
Implement stricter internal access controls and monitor insider threats more closely
Investigation Status
['Ongoing']
Post Incident Analysis
Root Causes: Insufficient internal access controls, insider threat
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Social Security Administration is 474, which corresponds to a Critical rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2026 was 469.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2026 was 538.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2026 was 536.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 531.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 590.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 639.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 636.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 629.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 706.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 795.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 702.

Over the past 12 months, the average per-incident point impact on Social Security Administration’s A.I Rankiteo Cyber Score has been -71.33 points.

You can access Social Security Administration’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/ssa.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Social Security Administration’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/ssa.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.