Data Privacy,
Data Security,
Government
Whistleblower Alleges Russia-linked IP Address Attempted Access During DOGE Data Breach
A federal whistleblower has raised significant allegations against staff members of Elon Musk’s cost-reduction initiative, suggesting they engaged in the unauthorized collection of sensitive data from the National Labor Relations Board (NLRB). The complaint likens some of their methods to those typically employed by cybercriminals, raising serious ethical and legal questions.
Following their arrival at the NLRB in March, staff from the Department of Government Efficiency began accessing confidential federal databases, prompting investigations into their motives and the information they sought. The NLRB oversees the vast repositories of sensitive data related to American businesses and taxpayers, which are protected by stringent privacy laws and security measures.
According to the whistleblower complaint, shared with Congress and initially reported by NPR, DOGE staff members deliberately violated established security protocols. They allegedly deleted access logs, disabled tracking systems, and made efforts to obscure their digital activities. Concerns escalated when unusual login attempts were detected from a Russia-based IP address, raising further alarms among NLRB employees.
While the White House has defended DOGE’s exploration of federal data, the agency continues to face scrutiny regarding legal challenges and warnings from cybersecurity experts regarding potential vulnerabilities. The NLRB’s acting press secretary categorically denied the allegations, stating that DOGE was never granted access and that an internal audit found no breach of agency systems.
Whistleblower Daniel Berulis expressed uncertainty over DOGE’s intentions with the data accessed, indicating that the scope of their activity could imply serious risks to national security. He described the situation as alarming, implicating that their actions represented a broader threat than initially perceived. The complaint outlines that abuse of access was facilitated by agency IT instructions discouraging intervention in DOGE’s actions, thus allowing them to circumvent security measures.
Furthermore, Berulis reported receiving a “threatening note” accompanied by photographs taken of him without consent. This escalation in harassment has drawn attention from both his colleagues and security analysts, who have begun documenting instances of security protocol breaches attributed to DOGE in various federal entities.
The ongoing investigation at the NLRB involves several cases related to Musk’s companies, with SpaceX recently filing a lawsuit that challenges the agency’s regulatory authority. Although Musk has committed to recusing himself from any matters involving his businesses, evidence remains absent regarding his compliance in the context of the alleged data access by DOGE.
