A federal cybersecurity expert has alleged that President Donald Trump's Department of Government Efficiency (DOGE) was behind a security breach at the National Labor Relations Board (NLRB), according to a whistleblower statement released Tuesday.
The expert, Daniel Berulis, claims that DOGE may also have removed sensitive data from the board without permission. His allegations were outlined in a sworn declaration submitted to members of Congress and a federal whistleblower office, NBC News reported.
Berulis is calling for an investigation into what he described as a serious breach of cybersecurity. His attorney added that Berulis had received a threatening note and was sent photographs taken near his home.
The whistleblower report emerges as DOGE — and Elon Musk, a billionaire adviser to Trump — face multiple lawsuits over their access to federal computer systems.
Whistleblower Report Claims DOGE Altered Security Settings
Berulis, who works at the NLRB, said in the 14-page statement that he noticed unusual activity in the board's computer systems shortly after DOGE staff arrived in March. He described changes to security protocols, including the disabling of internal alert systems and the modification of multi-factor authentication settings.
He also observed what looked like the transfer of more than 10 gigabytes of data from the NLRB's systems — an unusual event, as data typically doesn't leave the agency's databases.
The whistleblower report mentioned that DOGE accessed a database containing personal and confidential business information related to ongoing labor board cases.
He mentioned that once DOGE got into the labor board's systems, there was a noticeable spike in login attempts from outside the U.S., including one traced to a Russian IP address. He noted that the user associated with that IP had valid login credentials — created just minutes earlier by DOGE engineers — but was blocked from accessing the system due to location-based restrictions.
Although the login attempts were unsuccessful, Berulis called them "especially alarming." He included screenshots from a workstation as evidence of the data transfer and emphasized his qualifications, noting nearly 20 years of experience in cybersecurity and a Top Secret security clearance.
White House Defends DOGE's Actions
In response, White House deputy press secretary Anna Kelly said that DOGE had been transparent in its work at the NLRB.
"It is months-old news that President Trump signed an Executive Order to hire DOGE employees at agencies and coordinate data sharing," she said.
"Their highly-qualified team has been extremely public and transparent in its efforts to eliminate waste, fraud, and abuse across the Executive Branch, including the NLRB," she added. However, her statement did not address the alleged transfer of data.
The NLRB and Musk did not immediately respond to requests for comment. In a separate statement to NPR, an NLRB spokesperson said the agency had not given DOGE permission to access its systems.
The spokesperson also said that DOGE never formally sought access and that a subsequent internal investigation, launched after Berulis raised alarms, "determined that no breach of agency systems occurred."
Critics of DOGE's access have raised alarms about the potential misuse of Americans' sensitive information. This information includes citizens' Social Security numbers, income details, addresses, and other personal data stored in federal systems, some of which are used to administer federal benefits like Social Security payments and student loans. Some fear it could be used for political purposes.
It remains unclear whether Berulis's disclosure will prompt a formal investigation. His attorney, Andrew Bakaj, wrote in a letter to members of Congress that the actions described in the report may have violated the Federal Information Security Modernization Act of 2014 — a law aimed at protecting government data — as well as the federal Privacy Act.
Originally published on IBTimes
© Copyright IBTimes 2024. All rights reserved.
