Picture: Koshiro K / shutterstock.com

"I accept the risk" - and put the whole of America at risk?

A whistleblower report is currently causing sheer horror in the USA: One of the country's most sensitive databases - containing data on almost every US citizen - was apparently copied to an unsecured cloud server. The government agency responsible is DOGE ("Department of Government Efficiency") - once established under Donald Trump, initially even under the leadership of Elon Musk.

According to the complaint, which has since been made public by the New York Times, the incident concerns the so-called NUMIDENT database. It contains social security numbers, names, dates of birth, addresses, telephone numbers, nationality - even ethnicity and parental information. In total, around 550 million data records are involved.

And all this apparently without adequate safety precautions and without independent monitoring.

How could this happen - and what is the threat now?

According to the complaint, the database was moved to the cloud in June 2025. Officially, the aim was to improve data exchange between authorities. However, there was apparently no final security check, no external control and no clear access rules.

Although there is no evidence so far that hackers have already struck, the danger is real. According to experts, the data could be a perfect target for identity theft. And in the worst-case scenario, the US government would even have to reissue all social security numbers - a gigantic bureaucratic disaster.

It is still unclear whether international data is also affected, for example of people who have worked or wanted to work in the USA.

DOGE remains silent, the government hesitates - and the cloud remains open?

It is not only the data theft itself that is controversial, but also the way in which warnings were apparently handled: The application was changed several times, classified as "high-risk", but then waved through anyway. And afterwards? No supervision, no transparency.

The fact that something like this is happening in a US agency is simply scandalous - especially when you consider the impact a leak of this magnitude would have. And even though DOGE is no longer led by Elon Musk, the legacy seems more chaotic than ever.

Data risk USA - and no one takes responsibility

This is more than just a data leak. This is a government failure with an announcement. The fact that someone was able to move a database of this size to an inadequately secured cloud without controls shows how fragile even government apparatuses can be when it comes to data protection. Data protection is not an optional appendix that can be omitted when it is inconvenient.

If data protection officers are ignored, IT security regulations are circumvented and supervisory authorities are eliminated - then even the best cloud won't help. In such cases, citizens' trust is gone faster than you can say "upload".

Tip for anyone who lives or has worked in the USA: Keep an eye out for suspicious emails or sudden phone calls. If you do nothing now, you risk identity theft in installments later.