The National Labor Relations Board (NLRB) serves an important purpose as part of the federal government. The watchdog for unfair labor practices, the NLRB responds to complaints with investigations, negotiations, and rulings. It also serves as a repository for union and corporate strategies, secrets, and protocols. According to a whistleblower, the agency's information and security may have been compromised.
The recent visit from the Department of Government Efficiency (DOGE) left security experts concerned over the refusal to have their movements in the NLRB's systems logged, a spike in unexplained outbound data traffic, a program with a name suggesting it provided backdoor entry to the NLRB's internal case management systems found on the public GitHub account of a DOGE engineer, and a threatening note left on the door of an employee who was preparing to request an investigation.
The case information at the NLRB is private, sensitive, and protected by the Privacy Act of 1974. Given the red flags that DOGE's behavior raised while at the NLRB, many cybersecurity experts see cause to be alarmed.
Suspicious Activity
While the administration has yet to define his actual role, Elon Musk is considered to be deeply involved in the running of DOGE. This presents conflicts of interest as Musk's companies have numerous government contracts and are involved with the NLRB in several ongoing cases. In theory, private data from those opposing Musk's companies in NLRB cases could have been mined during their visit.
For whistleblower Daniel Berulis, a member of the NLRB information technology (IT) staff, DOGE's behavior was off from the start when they arrived in early March of 2025. According to Berulis' report to Congress, DOGE staffers demanded top-level access and refused to allow their accounts and their movements within the NLRB systems to be tracked. This, he indicated, was unheard of and a tremendous red flag. A series of suspicious login attempts from a Russian IP on a newly minted DOGE account using the correct username and password caused further concern.
A few days later, Berulis discovered a project on a DOGE staffer's public GitHub account called "NxGenBdoorExtract." Since NxGen is the name of the NLRB's internal case management system and "BdoorExtract" could indicate a backdoor into a system that allows data extraction, Berulis became more alarmed but had no authority to interact with DOGE employees.
Labored Relations
After DOGE left, Berulis reported that initially he could find very little evidence of what they'd been up to. He then discovered a spike showing a sizable chunk of data leaving the NxGen system, which was extremely unusual. Further investigation showed that a now-deleted account had erased the logs used to monitor outward traffic from NxGen.
The IT team, concerned over what DOGE might have done, began preparing a request for assistance from the Cybersecurity and Infrastructure Security Agency (CISA). That effort was disrupted, and a few days later, Berulis found an envelope taped to his office door. Inside was a printed letter that contained an overhead picture of him walking his dog, threatening language, and personal information.
Berulis responded by coming forward publicly as a whistleblower while continuing his investigation. In addition to what he'd already learned, he uncovered the following:
- An unknown user gave themselves a high-level access key before later deleting it
- Controls to prevent unauthorized or insecure mobile devices had been disabled
- There was public internet access given to an interface that could allow access for anyone
- Alarms and internal monitors within the NLRB systems had been manually turned off
- Access requiring multi-factor authentication had been disabled
- A file with contact information for attorneys who had worked with the NLRB had been exported
- Several downloaded programs that appeared designed to automate and hide data exfiltration
While DOGE has stated that it's focused on improving the performance of the federal government, it's unclear how case files from the NLRB would advance that goal. This adds to growing concerns that DOGE's cuts of tech experts will leave the government vulnerable to cyberattacks and hacking.
Whistleblower Protections
Berulis, who reports he has already been threatened, is protected from retaliation under federal law, as are all whistleblowers. Specifically, the Whistleblower Protection Act protects federal employees who report wrongdoing. Other laws protect whistleblowers from retaliation by private employers, as well.
Related Resources
- What Is the Unitary Executive Theory? (FindLaw's Law and Daily Life)
- What Is the "Reasonable Expectation of Privacy?" (FindLaw's Learn About the Law)
- Separation of Powers Under the U.S. Constitution (FindLaw's U.S. Constitution Center)
