In March 2025, a massive cybersecurity breach at the National Labor Relations Board (NLRB) sent shockwaves through federal agencies. At the center of the controversy is the Department of Government Efficiency (DOGE), a Musk-backed task force originally created to streamline bureaucratic inefficiencies. Daniel Berulis, a senior IT specialist at the NLRB, has come forward with explosive allegations that DOGE operatives—granted administrative access to the NLRB’s systems—quietly exfiltrated more than 10GB of sensitive data.
This data included classified whistleblower reports, confidential union dispute records, private employer filings, and internal agency communications. According to Berulis, system logs were altered to hide digital footprints, and one login attempt traced to a Russian IP address used valid credentials, indicating that insider knowledge may have been compromised or shared.
Though geofencing protocols successfully blocked the foreign IP, the incident underscores the high-stakes vulnerabilities posed by politically empowered units operating outside normal federal cybersecurity procedures.
What Is DOGE and Why It’s Under Fire
The Department of Government Efficiency (DOGE) was launched during Donald Trump’s second term as a “lean government” task force aimed at cutting red tape and reimagining how federal agencies operate. But what began as a modernization initiative has rapidly evolved into an agency with sweeping authority and unprecedented access.
DOGE operatives have embedded themselves in key federal institutions—including the Department of Labor, Federal Trade Commission, and Securities and Exchange Commission—where they’ve conducted audits, reviewed internal systems, and reportedly accessed sensitive case files. While DOGE frames this as agile governance, critics argue it’s something else: a legally ambiguous operation with minimal oversight and unclear lines of accountability.
Internal reports show that DOGE personnel at the NLRB were granted full backend access for what was described as an “IT audit.” However, several cybersecurity officers within the agency raised alarms about the lack of vetting, proper credentials, and opaque protocols. These concerns were reportedly overruled by senior political appointees.
Observers now worry that DOGE is not just a task force—but a stealth government apparatus operating without the legal or technical safeguards that usually apply to federal IT actors.
Political Tensions and Legal Ramifications
The breach has ignited a firestorm across Washington, intensifying the political debate surrounding DOGE’s true purpose. The Communications Workers of America (CWA), one of the largest labor unions in the U.S., has filed a federal lawsuit accusing DOGE of unlawful surveillance and data theft. The union alleges that the breach has not only compromised sensitive case files but also eroded trust in the institutions meant to protect labor rights.
“This isn’t just a breach of protocol—it’s a violation of trust between workers and the institutions meant to protect them,” said the union’s lead counsel during a press conference.
In a parallel development, former FTC officials have warned that DOGE’s broad access to non-public market data—including merger filings and antitrust casework—could be misused for political or financial leverage. Senator Ron Wyden has called for emergency Senate hearings, describing DOGE as “a shadow surveillance agency masquerading as a reform task force.”
The Government Accountability Office (GAO) has launched an official investigation into DOGE’s data governance practices, access privileges, and contractor affiliations.
Cybersecurity Risks of DOGE’s Unchecked Access
The NLRB breach is more than a technical failure—it reveals systemic risks tied to insider access and the lack of enforceable cybersecurity standards within politically driven task forces.
DOGE’s systems deployed at the NLRB were never certified under FedRAMP, the federal government’s standardized security framework for cloud services. This means they bypassed critical safeguards such as penetration testing, data encryption benchmarks, and ongoing threat assessments.
Even more concerning, portions of DOGE’s digital infrastructure were reportedly managed by contractors linked to Elon Musk’s private companies, including SpaceX and X.AI. This raises not only ethical concerns about potential conflicts of interest but also logistical questions about where federal data may be flowing and whether private firms are inadvertently gaining access to restricted government datasets.
During DOGE’s NLRB deployment, server logs were overwritten and restructured—a tactic cybersecurity experts recognize as a hallmark of internal sabotage. Without logs, investigators struggle to determine what data was viewed, copied, or extracted.
The Insider Threat: A Hidden Weakness
Insider threats are among the most dangerous cybersecurity risks. Unlike external hackers, insiders have legitimate credentials, which allows them to operate under the radar of many security tools. This can be a disgruntled employee, a careless contractor, or in this case, operatives empowered by political mandate but lacking cybersecurity vetting.
When such actors have access to classified or legally protected files, they can extract and traffic that information without triggering alarms. Data harvested in such breaches can be sold on the dark web—often through anonymous networks like Tor or via cryptocurrencies like Monero. Common targets include Social Security numbers, legal case strategies, whistleblower identities, and internal memos—all of which can fetch significant value on illicit marketplaces or be used for blackmail, corporate espionage, or disinformation campaigns.
A 2023 report by CISA found that 40% of major data breaches in federal agencies involved an insider component, often enabled by lax access controls or weak inter-agency coordination.
The DOGE breach fits this mold: full access was granted without audit logs, third-party contractors were present, and the data that vanished was high-value and legally sensitive.
The Bigger Picture: When Efficiency Overrides Privacy
DOGE’s defenders insist the program is an antidote to bloated federal bureaucracy, arguing that the rapid deployment of tech solutions is essential for government innovation. But critics say that efficiency without accountability is a security threat in itself.
Multiple whistleblowers across other federal agencies have described similar patterns: DOGE personnel overriding permissions, accessing legally protected documents without a warrant, and editing digital logs to cover their tracks. In one case at OSHA, DOGE reportedly reviewed whistleblower complaint files and altered metadata without authorization—actions that, if verified, would constitute criminal violations under federal data protection laws.
The fundamental question becomes: how much operational freedom should politically appointed tech teams be allowed? And what checks exist when those teams begin operating across multiple agencies with vague reporting structures?
For many, the DOGE situation signals the rise of a new kind of government threat—not from adversarial nation-states, but from within.
What’s Next?
With lawsuits pending, investigations underway, and political pressure mounting, DOGE’s future is uncertain. Several lawmakers from both parties have endorsed a temporary suspension of all DOGE activities pending the outcome of a comprehensive cybersecurity audit.
Meanwhile, federal watchdogs are pushing for the following immediate actions:
- Revocation of DOGE’s admin privileges across all federal systems
- Re-certification of all DOGE-deployed tools under FedRAMP and NIST standards
- Mandatory disclosure of all third-party contractors affiliated with DOGE
- Real-time logging and audit enforcement for all cross-agency access
Until those steps are taken, cybersecurity experts warn that federal networks remain at risk. For the federal workforce, this breach is not merely a technological incident—it is a warning. When accountability is sidelined in favor of political expediency, the consequences extend far beyond a single agency.
The public must now contend with a deeply unsettling reality: some of the most dangerous cybersecurity vulnerabilities may be operating from behind the firewall, not outside it.
