Accessibility links
Whistleblower details how DOGE may have taken sensitive NLRB data A whistleblower tells Congress and NPR that DOGE may have taken sensitive labor data and hid its tracks. "None of that ... information should ever leave the agency," said a former NLRB official.

Technology

< A whistleblower's disclosure details how DOGE may have taken sensitive labor data

A whistleblower’s disclosure details how DOGE may have taken sensitive labor data

Transcript
  • Download
  • <iframe src="https://www.npr.org/player/embed/nx-s1-5355896/nx-s1-5421398-1" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

MARY LOUISE KELLY, HOST:

President Trump's Department of Government Efficiency team, or DOGE, appears to be collecting sensitive data from all over the government. A whistleblower has come forward by filing an official disclosure to Congress. The disclosure is over concerning activity at one independent federal agency - the National Labor Relations Board. NPR's Jenna McLaughlin spoke to that whistleblower. He described to NPR what he saw and how DOGE appeared to go to great lengths to try to cover its tracks.

JENNA MCLAUGHLIN, BYLINE: It was a Friday afternoon in February when Daniel Berulis got a call from his boss. DOGE, the new federal cost-cutting unit, effectively led by billionaire Trump adviser Elon Musk, would be arriving soon.

DANIEL BERULIS: I was working on a spreadsheet for some budgeting stuff, and I got a call from my boss saying, hey, it's possible DOGE will show up.

MCLAUGHLIN: The following week - according to his official disclosure to Congress - Berulis and his colleagues watched a black SUV with a police escort pull into the parking garage of the National Labor Relations Board in Southeast Washington, D.C. The small, independent federal agency investigates and adjudicates complaints about unfair labor practices. It stores reams of potentially sensitive data, such as private legal notes in ongoing labor investigations or confidential lists of union organizers.

Most of that data lives on the Cloud, a virtual computer system that can be accessed remotely. It's Berulis' job to watch over the cloud and make sure no single user has access to data or systems they don't need. But for DOGE, those policies and guidelines didn't seem to apply, Berulis says. They had a very specific request.

BERULIS: Do not log the accounts. Don't log the access and stay out of our way.

MCLAUGHLIN: That was just the start for Berulis and his colleagues.

BERULIS: That was a huge red flag. That's something that you just don't do. It violates every core concept of security and best practice.

MCLAUGHLIN: After his suspicions were raised, Berulis was able to hunt down a few details about what took place while DOGE had access. In his disclosure to Congress, there's a ton of complicated technical detail. But here's what it says.

There's clear evidence DOGE got the highest level of access to the system, that a big chunk of data left the agency's internal case management system, followed by another chunk of data leaving the agency itself and that whoever had done those things had turned off security tools and network monitoring logs. They deleted records and appeared to try and disguise the chunks of data leaving the agency as routine web traffic. And after the DOGE accounts were created, someone with an IP address in Russia started trying to log in to the NLRB system, using a username and password that DOGE had created. Even though the attempts were blocked, Berulis says that made him worried the system was more vulnerable now.

The NLRB tells NPR the agency did not authorize DOGE to access their systems, and that there's no record of DOGE requesting it. They also said there was a recent internal investigation that ruled out a breach. However, the disclosure includes forensic evidence and records of communications that seem to tell a different story.

BERULIS: Why was that done? And that's a purposeful effort. That doesn't just happen. Logs don't just disappear. Tools don't just turn themselves off randomly. Everything in a computer has a cause and effect. That means it has to have a trigger.

MCLAUGHLIN: NPR has talked to 10 outside cybersecurity experts - embedded in companies, government agencies and the private sector - who reviewed Berulis' claims. They say the activity is suspicious and that there's no reason a legitimate user would act this way or remove data that is protected by multiple federal laws, including the Privacy Act. They say it is hard to definitively prove what happened without further access to the NLRB systems or without an investigation by agencies with more resources, like the FBI. But from what they can see, none of this behavior is normal. They told NPR the shadowy tactics described in the disclosure are the kinds of things criminals and hackers from China and Russia like to do. Meanwhile, several labor law experts who spoke to NPR say they believe there's no possible reason why DOGE should have had access to or removed NLRB's sensitive labor data.

SHARON BLOCK: There is nothing that I can see about what DOGE is doing that follows any of the standard procedures for how you do an audit that has integrity and that's meaningful and that will actually produce results.

MCLAUGHLIN: Sharon Block is the director of Harvard Law School Center for Labor and a Just Economy. She has held key labor policy jobs in multiple administrations, including as a member of the National Labor Relations Board. She said she thinks DOGE's statements about cutting waste and its behavior don't match up.

BLOCK: That mismatch between what they're doing and what we know the established professional way to do what they say they're doing - that just kind of gives away the store - that they are not about actually finding more efficient ways for the government to operate.

MCLAUGHLIN: The concerns aren't limited to just cybersecurity or exposure of union data. For Block and others, one of the most troubling things is that the NLRB has multiple ongoing investigations into Elon Musk's companies, including SpaceX and Tesla. In a recent interview with Fox News' Sean Hannity, President Trump and Musk said business interests wouldn't pose a conflict.

(SOUNDBITE OF TV SHOW, "FOX NEWS")

ELON MUSK: I mean, I haven't asked the president for anything ever. Obviously, I'm getting a sort of a daily proctology exam here. You know, it's not like I'll be getting away from something in the dead of night.

MCLAUGHLIN: Neither the White House nor DOGE responded to NPR's request for comment. But so far, neither Trump nor Musk has provided evidence of any firewall between Musk and the data DOGE has access to. Musk or anyone else who gets this data could use lists of union leaders to blacklist people or fire them. They could spy on competitors. It could give them big advantages in court or in business.

BLOCK: It's not just that he's a random person who's getting access to information that a random person shouldn't have access to but that if they really did get everything, if that possibility is accurate, then he has information about the case that the government is building against him.

MCLAUGHLIN: After Berulis dug through the agency records, he alerted his colleagues. According to his disclosure, many of them shared his concerns, and they decided they'd launch a breach investigation and call in experts from other agencies to help. The NLRB says those concerns were investigated, and it was determined there was no breach. But Berulis' disclosure makes clear that it's the possibility of an insider threat that warrants a closer look. It's the removal of evidence of potentially suspicious activity that concerns him. That's part of the reason he decided to speak up.

BERULIS: At the end of the day, even if it's logically not the right choice, if it morally compels me, I feel I wouldn't be able to live with myself otherwise. To know that this data was out there - it's going to impact these cases. It's going to cost people their real livelihoods.

MCLAUGHLIN: There are now over a dozen court cases revealing how DOGE has mishandled sensitive data - from social security databases to Treasury payment systems. A source working on Capitol Hill, who requested anonymity to discuss ongoing sensitive investigations, says their staff has multiple other whistleblower reports about DOGE exfiltrating sensitive data for unknown reasons.

BERULIS: I believe, with all my heart, that this goes far beyond just case data.

MCLAUGHLIN: In other words, it could be Social Security numbers, private addresses, health care data, immigration status, you name it. Berulis hopes to inspire others to speak up. Jenna McLaughlin, NPR News.

Copyright © 2025 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

Accuracy and availability of NPR transcripts may vary. Transcript text may be revised to correct errors or match updates to audio. Audio on npr.org may be edited after its original broadcast or publication. The authoritative record of NPR’s programming is the audio record.