A federal whistleblower “Daniel Berulis”, A senior DevSecOps architect has allegedly sent a affidavit document of a U.S DOGE significant data breach at the National Labor Relations Board (NLRB), claiming that personnel from the Department of Government Efficiency (DOGE) accessed sensitive data, potentially compromising critical systems. The whistleblower’s claims were first highlighted in a detailed thread posted on X by cybersecurity expert Matt Johansen today described the disclosure as “one of the most disturbing cybersecurity disclosures I’ve ever read,” alleging that DOGE personnel accessed NLRB systems, extracted large volumes of data, and that login attempts from Russian IP addresses using valid DOGE credentials followed shortly after. The whistleblower, identified as Daniel Berulis, a senior DevSecOps architect at the NLRB, alleged that DOGE personnel disabled critical security protocols, including logging mechanisms and network monitoring tools like Azure’s network watcher. Berulis reported a significant spike of over 10 gigabytes of outbound traffic from the NLRB’s NxGen case management system, which houses sensitive information such as union organizing activities, employee whistleblower identities, and proprietary business data. Most concerning, Berulis claimed that within 15 minutes of DOGE accounts being created, attackers from Russia attempted to log into NLRB systems using the correct usernames and passwords of these newly created accounts. “They were to be given what are referred to as “tenant owner” level accounts, with essentially unrestricted permission to read, copy, and alter data.” whistleblower stated in the Document. Connolly of the House Committee on Oversight and Government Reform DOGE that staff were granted unprecedented “tenant owner” level access to NLRB’s Azure cloud systems. Whistleblower also says that they received a call during which an ACIO stated instructions were given that standard operating procedures (SOP) were not to be followed regarding the doge account creation and the creation of records. Posts linked to the trending topic “Cybersecurity at the NLRB” have speculated about DOGE’s intentions, with some suggesting deliberate malfeasance or conflicts of interest, given DOGE leader Elon Musk’s involvement with companies like SpaceX and Tesla, which face ongoing NLRB investigations.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 18 Apr 2025 09:15:32 +0000