A federal cybersecurity specialist, Daniel Berulis, has made serious allegations against President Donald Trump’s Department of Government Efficiency (DOGE), claiming that it caused a significant security breach at the National Labor Relations Board (NLRB) and may have unlawfully removed sensitive data. These claims were publicly disclosed in a whistleblower statement on Tuesday, which Berulis submitted to members of Congress and a federal whistleblower office, urging an investigation into the alleged cybersecurity breach.
In a worrying turn of events, Berulis's lawyer revealed that the whistleblower was targeted with a threatening note, along with photographs of him taken near his residence. These actions raise grave concerns about the safety and well-being of individuals who expose potential misconduct within government agencies. The declaration was first reported by NPR, and while NBC News has not independently verified the allegations, the implications are serious.
According to the whistleblower report, which NBC News has reviewed, Berulis noticed a series of "anomalous" events in the NLRB's computer systems shortly after DOGE staffers arrived in March. He highlighted significant changes, including alterations to the use of multi-factor authentication—a crucial security measure—and the disabling of internal alert systems. In his detailed 14-page statement, he claimed to have monitored what seemed to be the outbound transfer of approximately 10 gigabytes of data, which he equated to a “full stack of encyclopedias” if all the data were text files.
Berulis expressed alarm at the data removal, noting that it was "extremely unusual" for data to leave the NLRB’s databases. The data accessed by DOGE is said to contain personally identifiable information of claimants and respondents involved in pending matters, as well as confidential business information collected during investigations. Furthermore, after DOGE gained access to the NLRB's systems, there was a notable increase in login attempts from overseas locations, particularly from a user with an internet protocol (IP) address in Russia. Berulis stated that the individual appeared to have valid login credentials, created just minutes prior by DOGE engineers, and was only blocked due to their geographical location.
In response to the allegations, Anna Kelly, a White House deputy press secretary, defended DOGE, asserting that the department had been transparent about its initiatives at the NLRB. “It is months-old news that President Trump signed an Executive Order to hire DOGE employees at agencies and coordinate data sharing,” Kelly stated, emphasizing the agency's commitment to eliminating waste, fraud, and abuse across the Executive Branch. However, her statement did not address the specific allegations regarding the data transfer.
The NLRB and Elon Musk did not immediately respond to requests for comments. An NLRB spokesperson, however, denied that DOGE had been granted access to its systems, asserting that there had been no request for such access, and an internal investigation concluded that no breach occurred. Meanwhile, the Justice Department has argued in ongoing litigation regarding DOGE's access to federal data that the agency has broad authority to access data under the executive order signed by Trump at the beginning of his second term.
It remains unclear whether Berulis's disclosure will prompt an investigation. The two lawmakers to whom Berulis submitted his statement have not yet responded to inquiries. Andrew Bakaj, Berulis's lawyer, indicated that he believes the actions in question violate the Federal Information Security Modernization Act, a law enacted in 2014 to protect government data, as well as the federal Privacy Act. “The practical, legal, and national security implications of such an intrusion are vast,” Bakaj warned.
Furthermore, Bakaj revealed that on April 7, while Berulis was preparing his written statement, an individual taped a threatening note to his front door, accompanied by drone-captured photographs of him in his neighborhood. “The threatening note made clear reference to this very disclosure he was preparing for you,” Bakaj wrote, raising suspicions that the intimidation may be linked to someone with access to NLRB systems.
