"A government whistleblower told lawmakers that DOGE's access to National Labor Relations Board (NLRB) systems went far beyond what was needed to analyze agency operations and apparently led to a data breach. NLRB employee Daniel Berulis, a DevSecOps architect, also says he received a threat when he was preparing his whistleblower disclosure.
"Mr. Berulis is coming forward today because of his concern that recent activity by members of the Department of Government Efficiency ('DOGE') have resulted in a significant cybersecurity breach that likely has and continues to expose our government to foreign intelligence and our nation's adversaries," said a letter from the group Whistleblower Aid to the Senate Select Committee on Intelligence leaders and the US Office of Special Counsel.
The letter, Berulis' sworn declaration, and an exhibit with screenshots of technical data are available here. "This declaration details DOGE activity within NLRB, the exfiltration of data from NLRB systems, and—concerningly—near real-time access by users in Russia," Whistleblower Aid Chief Legal Counsel Andrew Bakaj wrote. "Notably, within minutes of DOGE personnel creating user accounts in NLRB systems, on multiple occasions someone or something within Russia attempted to login using all of the valid credentials (e.g. Usernames/Passwords). This, combined with verifiable data being systematically exfiltrated to unknown servers within the continental United States—and perhaps abroad—merits investigation."
Bakaj said they notified law enforcement about an "absolutely disturbing" threat Berulis received on April 7."
https://arstechnica.com/tech-policy/2025/04/government-it-whistleblower-calls-out-doge-says-he-was-threatened-at-home/
#USA #Trump #DOGE #Musk #NLRB #CyberSecurity #DataBreach #DataProtection #Whistleblowing
"The DOGE employees, who are effectively led by White House adviser and billionaire tech CEO Elon Musk, appeared to have their sights set on accessing the NLRB's internal systems. They've said their unit's overall mission is to review agency data for compliance with the new administration's policies and to cut costs and maximize efficiency.
But according to an official whistleblower disclosure shared with Congress and other federal overseers that was obtained by NPR, subsequent interviews with the whistleblower and records of internal communications, technical staff members were alarmed about what DOGE engineers did when they were granted access, particularly when those staffers noticed a spike in data leaving the agency. It's possible that the data included sensitive information on unions, ongoing legal cases and corporate secrets — data that four labor law experts tell NPR should almost never leave the NLRB and that has nothing to do with making the government more efficient or cutting spending.
Meanwhile, according to the disclosure and records of internal communications, members of the DOGE team asked that their activities not be logged on the system and then appeared to try to cover their tracks behind them, turning off monitoring tools and manually deleting records of their access — evasive behavior that several cybersecurity experts interviewed by NPR compared to what criminal or state-sponsored hackers might do."
https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security