A respected federal cybersecurity specialist has raised allegations of serious and shocking breaches at the National Labor Relations Board (NLRB). They’ve alleged that a breach of sensitive data would have been possible if DOGE was granted access. Specialist Daniel Berulis submitted a SWORN DECLARATION to Congress. He contacted a federal whistleblower office to describe disturbing specifics around the incident.
Berulis has close to two decades of leadership experience in cybersecurity, and is a former holder of a Top Secret security clearance. Within weeks of the new DOGE staffers’ arrival in March, he noticed a spate of unusual actions on the NLRB’s database. His primary concerns focus on the tightening up of the multi-factor authentication as well as the disabling of internal alerting systems.
For instance, Berulis traced one such outbound transfer of at least 10 gigabytes or more of data out of the NLRB’s various databases. He called this breach “very, very, very unusual” as data is seldom exported out of the agency’s systems. His disclosure was further bolstered by the inclusion of screenshots. They apparently demonstrate a user trying to access their account from a Russian IP address with incorrect credentials. This login attempt was stopped only because of the user’s physical location.
In his declaration, Berulis stressed the dire consequences of any cybersecurity violations might entail.
“As you are certainly aware, the practical, legal, and national security implications of such an intrusion are vast,” – Andrew Bakaj, lawyer representing Daniel Berulis.
The allegations suggest that DOGE, an agency established under the Trump administration to improve efficiency across government operations, may have unintentionally facilitated a security lapse at the NLRB. How has the White House responded to these allegations? Deputy Press Secretary Anna Kelly focused on the DOGE employees President Trump brought on board by highlighting the increased coordination and data sharing their work has enabled.
“It is months-old news that President Trump signed an Executive Order to hire DOGE employees at agencies and coordinate data sharing,” – Anna Kelly.
Kelly fought passionately for DOGE’s efforts. She claimed that the team has been very open and transparent in ridding waste and fraud from the entire Executive Branch, including the NLRB.
While such pronouncements come from the White House, the NLRB has thus far refused to allow DOGE any inroads to its systems. In response to questions about the incident, an agency spokesperson insisted that an internal investigation determined there was no evidence of a breach taking place within its systems.
Yet Berulis’ disclosure prompts both tech and media industries to examine the proper security protocols at federal agencies, particularly those handling sensitive data. His assertions about what’s been changed or amended within the system fit a far more alarming pattern. Other cybersecurity experts caution that government efficiency efforts might accidentally open up new vulnerabilities.
In his testimony, Berulis outlined the sheer scope of data that may be at risk. He likened it to the former figurative equivalent of an entire full stack of encyclopedias. He said particularly worrisome were the login attempts coming from places like China and North Korea. For all the ones we successfully blocked, their introduction was deeply troubling.
“Those attempts were blocked, but they were especially alarming,” – Daniel Berulis.
The result of these allegations has serious implications for the future of cybersecurity practice and federal oversight. As these investigations move forward, expect greater public scrutiny on how agencies use their privileged access to sensitive systems and data. Risks aside, improving efficiency through initiatives such as DOGE is the way forward. At the same time, we need to support robust cybersecurity initiatives to defend our national interests.