A whistleblower complaint alleges John Solly claimed to have stored highly sensitive Social Security data on a thumb drive. Solly and Leidos, his current employer, strongly deny the allegations.

John Solly, a software engineer and former member of the so-called Department of Government Efficiency (DOGE), is the DOGE operative reportedly accused in a whistleblower complaint of telling colleagues that he stored sensitive Social Security Administration (SSA) data on a thumb drive and wanted to share the information with his new employer, multiple sources tell WIRED.

Since October, according to a copy of his résumé, Solly has worked as the chief technology officer for the health IT division of a government contractor called Leidos, which has already received millions in SSA contracts and could receive up to $1.5 billion in contracts with SSA based on a five-year deal it signed in 2023. Solly’s personal website and LinkedIn have been taken offline as of this week.

Responding to a request for comment, Solly, through his legal counsel, denied engaging in any wrongdoing. A spokesperson for Leidos also said the company found no evidence supporting the whistleblower’s claims against Solly.

Solly was one of 12 DOGE team members at SSA, where, according to the résumé on his personal website, he supported “other DOGE engineers on initiatives including Digital SSN, Death Master File cleanup,” and “SSN verification API (EDEN 2.0).” The “death master file” is an SSA database containing millions of Social Security records of deceased people and is maintained so that their identities can’t be used for fraud. An API, or application programming interface, allows different programs to talk to each other, including pulling data and information from each other. In this case, it could allow Social Security data to be accessed by agencies and institutions outside of SSA.

The allegation was revealed in a complaint filed to SSA’s internal watchdog first reported earlier this week by The Washington Post, which did not name Solly or Leidos. According to the Post, the complaint was filed with the SSA’s Office of the Inspector General earlier this year and alleges that the former DOGE employee told coworkers he took copies of the SSA’s Numerical Identification System, or NUMIDENT, as well as the “death master file.” NUMIDENT is a master SSA database containing all information included in a Social Security number application, including full names, birth dates, race, and more personally identifiable information.

In the complaint, according to the Post, a whistleblower alleges that the former DOGE employee sought help transferring a set of data from a thumb drive to a personal computer so he could “sanitize” it before uploading it for use at a private-sector company. The former DOGE employee allegedly said that he expected to receive a presidential pardon if his actions were unlawful, the complaint reportedly stated.

Solly “did not share, access, or view any personally identifiable information (PII) maintained by SSA, including SSA’s Death Master File (DMF) and Numerical Identification System (Numident). The allegations made by a supposedly anonymous source are patently false and slanderous. Mr. Solly will take all appropriate steps to clear his good name and stellar reputation,” says Seth Waxman, who is representing Solly. “He is certain that any fair review of the facts and circumstances surrounding these spurious allegations will fully exonerate him.”

Leidos is a major contractor for SSA. Between 2010 and 2018, the company brought in millions of dollars in SSA IT contracts. In 2018, Leidos was awarded contracts potentially worth up to $639 million for IT support services and processing disability claims. In 2023, the company announced that it had been awarded an estimated $1.5 billion IT contract with the agency. As part of DOGE’s blitz into the US government in early 2025, Leidos, like many government contractors, saw some of its contracts cut.

Leidos spokesperson Todd Blecher tells WIRED, “We completed an internal investigation, including employee interviews, and found no substantiation of the assertions against Mr. Solly. Our investigation involved advanced digital forensics that found no evidence that the Social Security Administration data described in a whistleblower complaint is, or ever has been, on Leidos networks. We also determined that Mr. Solly never plugged a thumb drive or any other storage device into his company-issued laptop. There is no overlap in his current work statement at Leidos with the work he performed at SSA. We are fully cooperating with the Social Security Administration on this matter.”

“The allegations by a singular anonymous source have been strongly refuted by all named parties—SSA, the former employee, and the company,” an SSA spokesperson tells WIRED. “Even The Washington Post admitted they could not verify the information—because it is not true. SSA is focused on continuing our digital-first transformation to deliver better, faster service for every American.”

Last August, SSA’s chief data officer, Chuck Borges, filed a different complaint to the US Office of Special Counsel accusing DOGE of wrongfully uploading SSA data, including highly sensitive information on millions of people with Social Security numbers, to an unsecured cloud server. In the complaint, Borges alleged that the actions undertaken by DOGE could put the data at risk of being hacked or leaked.

In Borges’ complaint, he specifically named Solly as a DOGE member who requested that the agency move live NUMIDENT data, which contains millions of Social Security numbers, and upload it into a cloud environment lacking “independent security controls.”

Other DOGE members, including Edward Coristine, Aram Moghaddassi, and Michael Russo were alleged in Borges’ complaint to have taken part in the discussions to move NUMIDENT data. Before joining DOGE at 19 years old, Coristine worked for a startup that hired reformed convicted hackers. Coristine, Moghaddassi, and Russo did not immediately respond to requests for comment prior to publication.

Days after filing the complaint, Borges resigned from his role at SSA, citing actions against him by the agency that “make my duties impossible to perform legally and ethically.” There were other controversies surrounding DOGE’s activities at SSA: In one instance, while the DOGE team was at SSA, they moved the Social Security numbers of thousands of immigrants into the “death master file” as a way to effectively shut off their ability to live and work in the US.

When Solly arrived at SSA last year, he was originally tasked with consolidating the agency’s IT ticketing system, according to two SSA sources familiar with his work. By June of last year, he had seemingly taken on a new project involving NUMIDENT data, according to the Borges complaint. A résumé Solly posted to his personal website also outlined work for the agency on something called EDEN 2.0.

EDEN, or the Enterprise Data Exchange Network, was originally part of a system to help financial institutions verify the identities of their customers, according to Leland Dudek, former acting SSA commissioner. The EDEN system pulls data from NUMIDENT, which Solly would likely have needed access to in order to work on EDEN. “Sharing things typically goes over a mainframe,” says Dudek. “That's really not a great way to share data.”

It’s unclear exactly what the EDEN 2.0 project was intended to accomplish, but appears to be an API system to supply real-time Social Security number verification to other government agencies, according to a source familiar with the work.

According to Dudek, the first version of EDEN was built around the same time as another SSA tool, the electronic Consent Based Social Security Number Verification (eCBSV). This is a fraud detection tool that allows financial institutions to check their records against Social Security data, to ensure, for instance, that someone opening a bank account is who they say they are. In order to share that data safely with outside institutions, SSA needed a system that didn’t require mainframe access. EDEN, though not technically part of the eCBSV system, was instrumental to the project.

“The underlying piece that made that work, because you're making agreements with different commercial entities, and you're exposing it through an API, that was what the EDEN system was designed to do,” says Dudek.

Though Dudek says that EDEN was not designed with the purpose of sharing SSA data with other agencies, he says “it could be” used for that. “A logical extension of [sharing data with financial institutions] could be used to share data between other agencies,” he says.

Dudek says that the DOGE team at SSA never directly told him that they were working on EDEN and that he did not instruct them to. “They were more interested in trying to find the fraud in the NUMIDENT file,” he says.

It appears that EDEN is already being used to share data with other agencies. On February 25, William Kirk, inspector general of the Small Business Administration (SBA), appeared before the Senate Committee on Small Business and Entrepreneurship on combating fraud, particularly in loans given out to support businesses during the Covid-19 pandemic. In a written statement submitted alongside his testimony, Kirk says that “SBA also has stated that it has expanded data-sharing agreements across federal databases,” including “the Social Security Administration’s Enterprise Data Exchange Network.”