Whistleblower Alleges Trump-Era Cybersecurity Breach and Data Theft at NLRB: Sensitive Personal and Legal Files Reportedly Compromised
WASHINGTON, D.C. — Explosive new allegations made public this week claim that officials from President Donald Trump’s controversial Department of Government Efficiency (DOGE) may have illegally accessed and removed sensitive data from the National Labor Relations Board (NLRB) in what is being described as a “major cybersecurity breach.” The whistleblower behind the allegations, federal cybersecurity specialist Daniel Berulis, has submitted a sworn declaration to Congress and a federal whistleblower protection office, triggering concerns of a systemic compromise of federal information systems during Trump’s second term.
The 14-page statement, first obtained by NPR and reviewed by NBC News, details Berulis’ concerns that DOGE operatives bypassed security protocols and accessed personally identifiable information (PII), confidential legal case files, and sensitive business data. He further claims that data exfiltration was traced to foreign IP addresses, including one in Russia, that used credentials created by DOGE engineers.
If verified, the alleged breach could mark one of the most significant unauthorized access incidents within a U.S. government agency in recent history—raising fresh questions about the extent of DOGE’s unchecked power and the federal government’s ability to safeguard critical data under executive authority.
The Alleged Breach
Berulis, a seasoned cybersecurity professional with nearly 20 years of experience and Top Secret clearance, began documenting irregular activity shortly after DOGE personnel were embedded at the NLRB in March. He has alleged that the Department of Government Efficiency (DOGE) created user accounts that were subsequently targeted by login attempts from a Russian IP address using valid credentials. Daniel Berulis, an IT specialist at the National Labor Relations Board (NLRB), reported that these login attempts occurred shortly after DOGE personnel established new user accounts within the NLRB’s systems. The attempts were blocked due to location-based security measures, but the use of correct usernames and passwords raised significant concerns about potential unauthorized access and data breaches.
Berulis’ disclosure has prompted calls for investigations into DOGE’s activities and the security of federal systems. The NLRB has denied any breach, and DOGE has not publicly commented on the allegations. The situation underscores the importance of robust cybersecurity measures and oversight within government agencies.
His report outlines several red flags, including:
-
The abrupt disabling of multi-factor authentication.
-
Deactivation of internal alerting systems.
-
A large data transfer—estimated at over 10 gigabytes—leaving the NLRB’s secure servers.
-
Outbound login attempts from non-U.S. IP addresses, including one tied to Russia, using credentials recently created by DOGE staff.
“This activity was not only unauthorized—it was deeply suspicious,” Berulis wrote in the disclosure. “It bypassed standard protocols and mirrored patterns typically associated with insider threats or foreign cyber operations.”
What Was Allegedly Accessed?
According to Berulis, the NLRB systems accessed by DOGE contained:
-
Names and Social Security numbers of claimants and respondents.
-
Confidential legal documents from ongoing labor investigations.
-
Proprietary business records submitted as evidence in federal labor disputes.
“Data almost never directly leaves the NLRB’s databases,” Berulis emphasized, making this particular transfer highly irregular and potentially unlawful.
Retaliation and Threats
In a chilling postscript to the disclosure, Berulis’ attorney, Andrew Bakaj—known for his role in high-profile national security whistleblower cases—revealed that Berulis received a physical threat just days before submitting his report. A note was taped to his front door alongside drone-captured photographs of Berulis walking in his neighborhood.
“The message clearly referenced this whistleblower disclosure,” Bakaj wrote in a letter to lawmakers. “This act of intimidation signals a dangerous escalation and raises real questions about how deep this breach goes.”
Official Responses and Silence
The White House, through deputy press secretary Anna Kelly, offered a tepid defense of DOGE’s operations, calling them “transparent” and aligned with Trump’s directive to eliminate “waste, fraud, and abuse.” Notably, the statement did not directly address the alleged data removal or foreign login attempts.
The NLRB, meanwhile, claimed DOGE had neither requested nor been granted access to its systems and insisted that an internal investigation found “no breach.” However, neither the agency nor its legal counsel have provided documentation supporting that claim, and multiple requests for comment from NBC News and other outlets have gone unanswered.
Elon Musk, named in the report as an advisor to DOGE and currently facing unrelated litigation over data access within federal systems, also declined to comment.
The Legal Landscape
Berulis’ legal team argues that DOGE’s actions may violate multiple federal statutes, including the Federal Information Security Modernization Act (FISMA) and the Privacy Act of 1974. More broadly, they challenge the legality of the executive order that grants DOGE broad access to “all unclassified records, software, and IT systems” across the federal bureaucracy.
“This is a clear overreach of executive authority,” Bakaj stated. “The implications are staggering—not just for the NLRB, but for any federal agency subject to this order.”
DOJ attorneys have previously defended the order’s broad language, asserting that DOGE’s access is legal under Trump’s 2025 Executive Order 13999, signed on his first day back in office. That order compels federal agencies to comply with DOGE requests for data access, provided they don’t violate existing laws—though what that means in practice remains murky.
What Comes Next?
As of publication, no congressional hearings have been scheduled in response to Berulis’ disclosure, though senior lawmakers have received copies of the complaint. The Office of Special Counsel and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have declined to confirm whether investigations are underway.
Meanwhile, watchdog organizations and digital privacy advocates are sounding alarms.
“This could be the Snowden moment for internal federal cybersecurity failures,” said Amelia Corcoran, director at the Government Data Integrity Project. “If DOGE had—or still has—access to personal and legal data across federal agencies, that’s a national security emergency.”
Final Thoughts
Berulis’ disclosure may yet become the centerpiece of a larger reckoning over data integrity, executive overreach, and the weaponization of digital systems under political directives. Whether the Biden administration and Congress choose to act decisively—or sweep this under the rug—could define the next chapter of America’s cybersecurity posture and the protection of civil liberties within its own government infrastructure.
