The reality is that for most Americans, it’s almost a certainty that their personal and sensitive information is out there and available for use by scammers and fraudsters. This is because companies and organizations that have our data have either had it stolen or been careless with it, exposing our personal data. Just look at this interactive chart to see all the data breaches that have happened: https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/.

A reminder of this fact came in a recent Politico article, which reported that in court, the Trump administration admitted that the DOG team may have misused Social Security data (https://www.politico.com/news/2026/01/20/trump-musk-doge-social-security-00737245). What was revealed in court was that two DOGE team members working at the Social Security Administration were secretly in contact with a group trying to overturn election results in some states and had signed an agreement to provide data to match state voter rolls. To quote from the article: “They revealed that DOGE team members shared data on unapproved ‘third-party’ servers…”

When you combine this revelation with a previously reported whistleblower allegation that DOGE uploaded hundreds of millions of Social Security records to a vulnerable cloud server (https://techcrunch.com/2025/08/26/doge-uploaded-live-copy-of-social-security-database-to-vulnerable-cloud-server-says-whistleblower/), it seems likely that most Americans’ information held at SSA was likely compromised.

And the SSA has a LOT of sensitive information about each of us.



The data that the SSA has

Full Name Date of Birth Place of Birth Sex Citizenship status Parent’s names Lifetime earnings (in the Master Earnings File, which has detailed records of wages, salaries, and tips) Bank account details for beneficiaries of SSA benefits Work history Death information

I think it’s safe to assume at this point that all or some of this information has been compromised and/or deliberately shared outside of the US government, which means that, from an individual protection perspective, we should assume that any bad actor can find out this detailed information about us.

This information is extremely valuable for identity thieves and scammers. With this information, it is possible to obtain replacement birth certificates, open loans, create bank accounts, and all sorts of other mayhem.

This information is also extremely valuable to scammers for targeting and tailoring scams to us. For example, they know who is in the same family, which enables family emergency scams. Or, they know how much money people have made, so that they can target higher net worth individuals.

What can we do?

Unfortunately, when 3rd parties compromise our personal information, there isn’t much we can do to prevent it, and we have to bear the consequences from a risk perspective.

Ideally, I think we should hold individuals and organizations accountable for compromising our personal information. Whether it is a government or a company, I believe that those who hold personal information are required to protect it. And if they don’t, they should be held accountable. Unfortunately, in the United States, we have a poor track record of holding companies and governments responsible for mishandling our data (most companies get away with just offering basic identity monitoring that isn't very valuable, since you can do it for free anyway - see https://frozenpii.com/).

Steps to take

Here’s a list of some things you can do right now to minimize your risk from personal data exposure.

Our data is out there and could be used by bad actors to harm us. Knowing this is the first step to start protecting ourselves.

Be safe!

Tate