Importance Score: 72 / 100 🔴
Federal Cybersecurity Expert Claims Data Breach by Trump Administration at Labor Board
A cybersecurity specialist at the federal level has come forward as a whistleblower, alleging that the Department of Government Efficiency (DOGE) under President Donald Trump precipitated a security lapse at the National Labor Relations Board (NLRB). According to a public statement released Tuesday, DOGE is accused of potentially illicitly extracting sensitive information from the NLRB systems.
Whistleblower Declaration Raises Alarms About Potential Data Exfiltration
Daniel Berulis, the cybersecurity specialist, formalized his accusations in a sworn declaration submitted to members of Congress and a federal whistleblower protection office. He is urging an investigation into what he describes as a significant cybersecurity incident. Berulis’s legal counsel has indicated that their client has also been subjected to intimidation, including a threatening message and photographs taken near his residence. The declaration was initially reported by NPR; NBC News has not independently confirmed these allegations.
Ongoing Scrutiny of DOGE’s Access to Federal Systems
The whistleblower disclosure, reviewed by NBC News, surfaces amidst growing scrutiny of DOGE and Elon Musk, a billionaire advisor to Trump. Both are currently facing multiple legal challenges concerning their levels of access to computer networks across various federal departments.
Anomalous Activity Following DOGE Staff Arrival
In his declaration, Berulis, an employee of the labor board, details observing a series of “unusual” occurrences within the NLRB’s IT infrastructure shortly after DOGE personnel began working there in March. These anomalies, as outlined in his 14-page statement, include alterations to multi-factor authentication protocols—a standard security measure—and the disabling of internal alert systems.
Concerns Over Data Transfer and Sensitive Information
Berulis further reported tracking what appeared to be an outgoing data transfer of approximately 10 gigabytes or more. To illustrate the volume, he equated this to “a full stack of encyclopedias” in text form. He emphasized the exceptional nature of this data removal, stating that “data almost never directly leaves NLRB’s databases.”
vCard.red is a free platform for creating a mobile-friendly digital business cards. You can easily create a vCard and generate a QR code for it, allowing others to scan and save your contact details instantly.
The platform allows you to display contact information, social media links, services, and products all in one shareable link. Optional features include appointment scheduling, WhatsApp-based storefronts, media galleries, and custom design options.
The database in question, accessed by DOGE, contained personally identifiable information of individuals and entities involved in active cases before the agency. It also housed confidential business information gathered during investigations, according to Berulis.
Attempted Logins from Foreign IP Address Raise Security Red Flags
Berulis also noted an escalation in login attempts originating from international locations after DOGE gained access to the NLRB systems. Notably, an attempted login from a user with a Russian internet protocol (IP) address was detected. This user, seemingly possessing legitimate login credentials created shortly before by DOGE engineers, was thwarted solely due to their geographical location.
“Those attempts were blocked, but they were especially alarming,” Berulis stated in his declaration.
Evidence Presented and Whistleblower’s Credentials
Berulis included screenshots from a computer workstation as supporting evidence of the alleged data transfer in his disclosure. He asserted possessing nearly two decades of experience in cybersecurity and holding a Top Secret security clearance.
White House Response Defends DOGE’s Activities
Anna Kelly, White House deputy press secretary, issued a statement defending DOGE’s activities at the NLRB, asserting transparency in their operations.
“It is months-old news that President Trump signed an Executive Order to hire DOGE employees at agencies and coordinate data sharing,” Kelly stated. “Their highly-qualified team has been extremely open and transparent in its efforts to eliminate waste, fraud, and abuse across the Executive Branch, including the NLRB,” she added. Kelly’s statement did not directly address the allegations of data transfer.
NLRB Denies Granting System Access to DOGE
Both the NLRB and Elon Musk have not yet issued public comments. However, in a statement to NPR, an NLRB spokesperson refuted the claim that DOGE was granted access to agency systems, asserting that DOGE never requested such access. The spokesperson added that an internal review conducted after Berulis voiced his concerns “determined that no breach of agency systems occurred.”
Executive Order Cited to Justify DOGE Access
In separate legal proceedings concerning DOGE’s access to federal data outside of the NLRB specifically, the Justice Department has argued that DOGE’s access is authorized under an executive order signed by President Trump early in his term. This order directs all agency leaders to “take all necessary steps” to provide DOGE with “full and prompt access to all unclassified agency records, software systems, and IT systems,” to the extent permitted by law.
Potential Investigation and Legal Framework
The immediate repercussions of Berulis’s disclosure, including whether it will trigger a formal investigation, remain uncertain. Lawmakers who received Berulis’s disclosure have not yet publicly responded to requests for comment.
Andrew Bakaj, Berulis’s legal representative in his whistleblower capacity, conveyed in a letter to members of Congress his belief that the actions in question violate the Federal Information Security Modernization Act (FISMA), a 2014 law designed to protect government data, as well as the federal Privacy Act.
“As you are certainly aware, the practical, legal, and national security implications of such an intrusion are vast,” Bakaj wrote.
Threats and Intimidation Attempt Against Whistleblower
Bakaj also detailed an incident on April 7 where a threatening note was physically attached to Berulis’s front door. Accompanying the note were drone photographs of Berulis walking in his neighborhood. This occurred while Berulis was preparing his formal statement.
“The threatening note made clear reference to this very disclosure he was preparing for you, as the proper oversight authority. While we do not know specifically who did this, we can only speculate that it involved someone with the ability to access NLRB systems,” Bakaj asserted.