A recent report from National Public Radio (NPR) has detailed alarming allegations of data mishandling and security breaches at the National Labor Relations Board (NLRB). The whistleblower, Daniel Berulis, an information technology (IT) employee with the NLRB, alleges a series of alarming actions taken by Elon Musk’s “Department of Government Efficiency” (DOGE) team. Mr. Berulis’s complaint describes multiple instances of unauthorized system access, suspicious data exportation, and attempts to conceal DOGE’s activities within the NLRB systems. The allegations raise serious concerns about the security of sensitive labor data and the potential for conflicts of interest involving Mr. Musk.
Details of the Whistleblower Allegations
According to the whistleblower, the DOGE team arrived at the agency in March 2025 demanding and receiving “tenant owner level” access to the NLRB’s internal computer systems, granting them virtually unrestricted permission to view, copy, and alter data.
Mr. Berulis reports that this data includes “information about ongoing contested labor cases, lists of union activists, internal case notes, personal information from Social Security numbers to home addresses, proprietary corporate data and more information that never gets published openly.”
Because DOGE received this high-level access without the common security constraints that monitor network activity, Mr. Berulis had limited ability to track any potential breaches in real time. However, Mr. Berulis was later able to put together “puzzle pieces” to track a significant increase of data leaving the NLRB’s network, potentially including sensitive information about union organizing efforts, ongoing legal cases, and confidential corporate secrets. Even when external parties are granted access to such data, it almost never leaves the NLRB system. Additionally, the IT team detected suspicious login attempts from a Russian IP address using one of the newly created DOGE accounts “within minutes” of DOGE accessing the NLRB’s systems, raising further concerns about a potential breach.
Upon reporting his concerns to Congress, the U.S. Office of Special Counsel, which investigates complaints by federal government whistleblowers, and internally to the NLRB, Mr. Berulis experienced suspected acts of retaliation, including someone “physically taping a threatening note” to his door that included sensitive personal information and a photo of him walking his dog.
A Chilling Effect for Workers… and Employers
The possibility that NLRB records may have been copied and exported from the agency may create a severe chilling effect for employees everywhere who turn to the agency for protection.
One expert commented to NPR that these breaches were so severe that if this were “a publicly traded company, I would have to report this [breach] to the Securities and Exchange Commission. The timeline of events demonstrates a lack of respect for the institution and for the sensitivity of the data that was exfiltrated. There is no reason to increase the security risk profile by disabling security controls and exposing them, less guarded, to the internet. They didn’t exercise the more prudent standard practice of copying the data to encrypted and local media for escort.”
The NPR report notes that in addition to creating risks for individuals trying to organize, leaked data may also reveal internal business planning for companies who are facing unfair labor practice complaints, or even trade secrets.
Potential Conflicts of Interest
The report raised that concerns of potential conflicts of interest between Musk and the NLRB, including an ongoing lawsuit between Musk’s company, SpaceX, and the agency in which SpaceX challenges the constitutionality of the NLRB’s structure.
Several lawsuits have been filed DOGE’s activities at other agencies related to its management of Americans’ data, including Social Security information, IRS records, and other agency records.
Help is available for whistleblowers
The Whistleblower Protection Act (WPA) protects federal government employees from certain adverse employment actions that occur because they disclosed information relating to unlawful activities or “gross mismanagement, a gross waste of funds, an abuse of authority, or a substantial and specific danger to public health or safety.”