John Solly, a software engineer and former member of the so-called Ministry of Government Effectiveness (DOGE), is the DOGE agent allegedly accused in a whistleblower complaint of telling colleagues that he had stored sensitive Social Security Administration (SSA) data on a USB drive and wanted to share the information with his new employer, multiple sources told WIRED.
Since October, according to a copy of his resume, Solly has worked as director of technology for the health IT division of a government contractor called Leidos, which has already received millions of dollars in SSA contracts and could receive up to $1.5 billion in contracts with the SSA based on a five-year agreement signed in 2023. Solly’s personal website and LinkedIn were taken offline as of this week.
Responding to a request for comment, Solly, through his legal counsel, denied committing any wrongdoing. A Leidos spokesperson also said the company found no evidence supporting the whistleblower’s claims against Solly.
Solly was one of 12 DOGE SSA team memberswhere, according to the resume on his personal website, he supported “other DOGE engineers on initiatives such as Digital SSN, Death Master File cleanup” and “SSN Verification API (EDEN 2.0).” The “Death Master File” is an SSA database containing millions of Social Security records of deceased individuals and is maintained so that their identities cannot be used for fraudulent purposes. An API, or application programming interface, allows different programs to communicate with each other, including extracting data and information from each other. In this case, this could allow agencies and institutions outside of SSA to access social security data.
The allegation was revealed in a complaint filed with the SSA’s internal watchdog, first reported earlier this week by The Washington Postwhich did not name Solly or Leidos. According to the Post, the complaint was filed with the SSA Office of Inspector General earlier this year and alleges that the former DOGE employee told co-workers that he took copies of the SSA’s digital identification system, or NUMIDENT, as well as the “death master record.” NUMIDENT is an SSA master database containing all information included in an application for a Social Security number, including full names, dates of birth, race and other personally identifiable information.
In the complaint, according to the Post, a whistleblower alleges that the former DOGE employee asked for help transferring a set of data from a USB drive to a personal computer so he could “sanitize” it before downloading it for use at a private sector company. The former DOGE employee allegedly said he expected to receive a presidential pardon if his actions were illegal, according to the complaint.
Solly “has not shared, accessed or accessed any personally identifiable information (PII) maintained by the SSA, including the Death Master File (DMF) and the SSA’s Digital Identification System (Numident). The allegations made by a purportedly anonymous source are patently false and defamatory. Mr. Solly will take all appropriate steps to clear his good name and good name,” said Seth Waxman, who represents Solly. “Certainly any fair review of the facts and circumstances surrounding these spurious allegations will fully exonerate him. »
Leidos is a major contractor for the SSA. Between 2010 and 2018, the company recruited million dollars in SSA IT contracts. In 2018, Leidos was contracts won potentially worth up to $639 million for IT support services and disability claims processing. In 2023, the company announced that it had obtained an estimated amount $1.5 billion IT contract with agency. As part of the DOGE blitz against the US government in early 2025, Leidos, like many government contractors, saw some of its contracts canceled.
Leidos spokesperson Todd Blecher told WIRED: “We conducted an internal investigation, including interviews with employees, and found no substantiation for the claims against Mr. Solly. Our investigation involved advanced digital analytics that found no evidence that the Social Security Administration data described in a whistleblower complaint is, or ever was, on Leidos’ networks. We also determined that Mr. Solly never plugged a USB drive or other storage device on his company-provided laptop. There is no overlap in his current employment statement at Leidos with the work he performed at the SSA.
“The allegations made by a single anonymous source have been strongly refuted by all parties cited: SSA, the former employee and the company,” an SSA spokesperson told WIRED. “Even the Washington Post admitted it could not verify the information because it is not true. SSA is focused on continuing our digital-first transformation to provide better, faster service to every American.”
Last August, Chuck Borges, SSA chief data officer, filed another complaint to the US Office of Special Counsel accusing DOGE illegal downloading of SSA data, including highly sensitive information on millions of people with Social Security numbers, to a unsecured cloud server. In the complaint, Borges alleged that actions taken by DOGE could put the data at risk of being hacked or leaked.
In Borges’ complaint, he specifically named Solly as the DOGE member who requested that the agency move live NUMIDENT data, which contains millions of Social Security numbers, and upload it to a cloud environment lacking “independent security controls.”
Other DOGE members, including Edward Coristine, Aram Moghaddassi, and Michael Russo, were allegedly accused in Borges’ complaint of participating in discussions to move NUMIDENT data. Before joining DOGE at 19, Coristine worked for a startup that hired convicted reformed hackers. Coristine, Moghaddassi and Russo did not immediately respond to requests for comment before publication.
A few days after filing the complaint, Borges resigned from his role to the SSA, citing the agency’s actions against him that “make my duties legally and ethically impossible to perform.” There were others controversies surrounding DOGE’s activities in SSA: in one case, while the DOGE team was in SSA, they moved social security numbers of thousands of immigrants in the “master death file” as a means of preventing them from living and working in the United States.
When Solly arrived at SSA last year, he was initially tasked with consolidating the agency’s IT ticketing system, according to two SSA sources familiar with his work. In June last year, he apparently took on a new project involving NUMIDENT data, according to the Borges complaint. A resume that Solly posted on his personal website also described the agency’s work on something called EDEN 2.0.
EDEN, or Enterprise Data Exchange Network, was originally part of a system to help financial institutions verify the identities of their customers, according to Leland Dudek, former acting commissioner of the SSA. The EDEN system extracts data from NUMIDENT, which Solly would likely have needed to access to work on EDEN. “Data sharing usually takes place via a central computer,” explains Dudek. “It’s really not a good way to share data.”
It’s unclear exactly what Project EDEN 2.0 was supposed to accomplish, but it appears to be an API system to provide real-time Social Security number verification to other government agencies, according to a source familiar with the work.
According to Dudek, the first version of EDEN was built around the same time as another SSA tool, the Electronic Consent-Based Social Security Number Verification (eCBSV). It is a fraud detection tool that allows financial institutions to check their records against Social Security data, to ensure, for example, that a person opening a bank account is who they say they are. To share this data securely with outside institutions, SSA needed a system that did not require mainframe access. EDEN, although not technically part of the eCBSV system, was instrumental to the project.
“The underlying element that makes this work, because you’re entering into agreements with different business entities and exposing it through an API, is what the EDEN system was designed to do,” Dudek says.
Although Dudek says EDEN was not designed for the purpose of sharing SSA data with other agencies, he says “it could be” used for that purpose. “A logical extension of [sharing data with financial institutions] could be used to share data between other agencies,” he says.
Dudek says that SSA’s DOGE team never directly told him that they were working on EDEN and that he did not ask them to do so. “They were more interested in looking for fraud in the NUMIDENT file,” he says.
It appears that EDEN is already being used to share data with other agencies. On February 25, William Kirk, Inspector General of the Small Business Administration (SBA), appeared before the Senate Committee on Small Business and Entrepreneurship to combat fraud, particularly in loans granted to support businesses during the Covid-19 pandemic. In a written statement Submitted alongside his testimony, Kirk states that “the SBA also said it has expanded data sharing agreements among federal databases,” including “the Social Security Administration’s Enterprise Data Exchange Network.”