By Cyber Guard Team 
A whistleblower has raised concerns about a potential data breach at the National Labor Relations Board (NLRB), involving unauthorized access by personnel from Elon Musk’s DOGE agency, which may have led to the exfiltration of sensitive data. The breach is further complicated by attempted logins from a Russian IP address, sparking fears of foreign involvement.
What Happened?
In March 2025, a whistleblower raised alarms about a potential cybersecurity breach at the National Labor Relations Board (NLRB)—the U.S. agency that handles labour and union-related issues. The breach allegedly occurred after personnel from DOGE (Department of Government Efficiency)—a government unit reportedly backed by Elon Musk—were given unusually broad access to NLRB’s internal systems.
The whistleblower, Daniel Berulis, an IT staff member at NLRB, claims that this access led to tampering with system logs and unauthorized copying of sensitive data. He believes around 10GB of critical files—including confidential union activity reports, proprietary business details, and private witness affidavits—were extracted from the system.
When Did It Happen?
- The alleged access and data breach reportedly took place in early March 2025.
The issue came to light through whistleblower reports made public around April 15–17, 2025.
Impact of the Breach
- Sensitive, potentially politically charged labor-related data may have been leaked.
- The breach involves private information about ongoing investigations, employee statements, and corporate practices that were meant to be secure.
- While the full scope isn’t yet verified, the nature of the data makes this a serious breach of trust and security.
The Russia Connection?
- According to the whistleblower, there were attempted logins from a Russian IP address using real NLRB credentials shortly after DOGE personnel accessed the systems.
- Although these attempts were blocked by location-based security controls, the fact that valid credentials were used points to a potential data leak or credential compromise.
- The timing raised concerns about foreign involvement, suggesting that access may have been unintentionally (or intentionally) passed on, or intercepted, by foreign actors—possibly linked to Russian cyber interests.
How Has the Government Responded?
The NLRB denies that any breach occurred.
Elon Musk’s DOGE team and the Cybersecurity and Infrastructure Security Agency (CISA) have not made public statements.
The FBI and key U.S. Senators, including Tom Cotton and Mark Warner, were reportedly contacted but have also not commented.
How Has the Government Responded?
- The NLRB denies that any breach occurred.
- Elon Musk’s DOGE team and the Cybersecurity and Infrastructure Security Agency (CISA) have not made public statements.
- The FBI and key U.S. Senators, including Tom Cotton and Mark Warner, were reportedly contacted but have also not commented.