THREAT SEVERITY: HIGH

Whistleblower Alleges Major US DOGE Cybersecurity Breach at NLRB

Moon Treader | April 28, 2025

Overview of the Allegations

Reuters reported on April 15, 2025, that a whistleblower alleged Elon Musk-affiliated technologists calling themselves “U.S. DOGE Service” gained unauthorized access to the National Labor Relations Board and planned a large data breach.

Senior DevSecOps architect Daniel Berulis testified that roughly ten gigabytes of case-management data, including whistleblower identities, union-organizing records, and confidential corporate information, were stolen.

Over twenty login attempts from Russian IPs within fifteen minutes were immediately blocked.

Origin and Mandate of U.S. DOGE Service

After President Trump’s return to the White House, the U.S. DOGE Service was created by executive order with the goal of “eliminating waste, fraud, and abuse” across all federal departments, according to PBS NewsHour.

To manage data sharing and perform efficiency studies, DOGE teams were integrated into departments.

Critics have warned that allowing tenant-owner-level access to internal systems without conventional audit trails presents intolerable dangers to confidentiality and integrity, even if it is being framed as a cost-cutting measure.

Technical Breakdown of the Incident

  • Elevated Privileges & Logging Suppression: In the NLRB’s Azure cloud environment, DOGE employees allegedly obtained unrestricted “tenant owner” privileges, surpassing even the agency CIO’s access. They were also told to turn off network-watcher monitoring tools and logging, thereby creating a “clean path” for data movement within the infrastructure.
  • Data Exfiltration: Internal analytics revealed a 200–300 percent increase in outgoing traffic from the NLRB’s NxGen case-management system, which corresponded to the exfiltration of about 10 GB to an unidentified external destination on March 13, 2025, as stated in the whistleblower’s affidavit.
  • Foreign Origin Login Attempts: Multiple login attempts using the correct identities and passwords began just minutes after the account was created, coming from Primorskiy Krai, Russia. This strongly suggests that either DOGE endpoints had already been compromised, or credentials were being purposefully released. Geo-fencing policies blocked all of them.
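
Two of the signals above can be checked from ordinary telemetry: an egress jump of 200 percent or more over baseline, and sign-ins that a location policy blocked even though the password was correct. The sketch below is an added example, not code from the affidavit or from any vendor; the record fields, account names, thresholds and all sample values are constructed assumptions.

```python
from datetime import datetime, timedelta
from statistics import median

def egress_spikes(daily_gb, window=7, min_increase_pct=200.0):
    """Days whose egress exceeds the trailing-median baseline by min_increase_pct."""
    days, hits = sorted(daily_gb), []
    for i in range(window, len(days)):
        baseline = median(daily_gb[d] for d in days[i - window:i])
        if baseline > 0:
            pct = (daily_gb[days[i]] - baseline) / baseline * 100
            if pct >= min_increase_pct:
                hits.append((days[i], round(pct)))
    return hits

def valid_cred_geo_blocks(created, signins, within=timedelta(minutes=15)):
    """Count sign-ins per account that were geo-blocked although the password
    was correct, shortly after account creation. The block stopped the login,
    but the credential is already known elsewhere and needs rotation."""
    counts = {}
    for s in signins:
        t0 = created.get(s["user"])
        if t0 is None:
            continue
        age = s["time"] - t0
        if (s["password_ok"] and s["blocked_by"] == "geo_policy"
                and timedelta(0) <= age <= within):
            counts[s["user"]] = counts.get(s["user"], 0) + 1
    return counts

# Constructed sample data (hypothetical field names, not real NLRB telemetry).
EGRESS_GB = {"2025-01-01": 3.2, "2025-01-02": 3.4, "2025-01-03": 3.1,
             "2025-01-04": 3.3, "2025-01-05": 3.5, "2025-01-06": 3.0,
             "2025-01-07": 3.3, "2025-01-08": 13.3}
T0 = datetime(2025, 1, 8, 10, 0)
CREATED = {"svc-new": T0, "old-user": T0 - timedelta(days=90)}

def _ev(user, minutes, password_ok, blocked_by):
    return {"user": user, "time": T0 + timedelta(minutes=minutes),
            "password_ok": password_ok, "blocked_by": blocked_by}

SIGNINS = [_ev("svc-new", 3, True, "geo_policy"),
           _ev("svc-new", 5, False, None),          # wrong password: guessing
           _ev("svc-new", 9, True, "geo_policy"),
           _ev("old-user", 4, True, "geo_policy")]  # account is 90 days old

if __name__ == "__main__":
    print(egress_spikes(EGRESS_GB))
    print(valid_cred_geo_blocks(CREATED, SIGNINS))
```

Both checks depend on flow and sign-in logs still being collected, so a change that disables logging or monitoring should itself raise an alert.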

Use of Starlink and Supply Chain Concerns

Some of the exfiltrated traffic seemed to flow over Starlink satellite links, according to lawyer Andrew Bakaj in a PBS interview, indicating a new backdoor technique for getting past terrestrial network monitoring.

This raises wider security issues for satellite communications and the supply chain: current perimeter protections may not be enough if state-sponsored actors are able to use commercial constellations to snoop on government data.

Whistleblower Intimidation and Retaliation Risks

In addition to technical damage, Berulis found a threatening note and drone-captured photos of himself pinned to his front door on April 7, 2025, according to Reuters, indicating direct personal intimidation.

These tactics underscore the serious personal risk faced by insiders who dare to reveal high-level cyber misconduct, as well as the necessity of strong legal safeguards and prompt relocation and physical security assistance for federal cyber whistleblowers.

Oversight, Investigation, and Executive Interference

The NLRB’s security leadership first reported the incident to US-CERT, a CISA rapid-response team, and even thought about involving the FBI, according to the whistleblower’s filing.

However, between April 3 and 4, 2025, senior officials abruptly stopped those efforts with clear orders to stand down. This alleged closure of a formal inquiry threatens to undermine confidence in federal cybersecurity governance and serves as an example of the perils of political influence over cyber incident reporting.

How Can Vehere Assist in a Cybersecurity Breach Like the One at NLRB?

The recent whistleblower incident involving a major cybersecurity breach at the National Labor Relations Board (NLRB) by the U.S. DOGE Service highlights the problem of insider threats leading to data exfiltration.

Tools like Vehere AI Network Security, which includes an NDR platform, could have flagged this anomaly, thanks to behavioural analytics and full-packet visibility.

Here is how Vehere can support federal infrastructure:

  • Full Packet Capture: Vehere AI Network Security monitors both North-South and East-West network traffic to point out hidden data leaks.
  • AI-Driven Threat Detection: Identifies anomalous access, privilege abuse, and suppressed logging in real time.
  • On-Demand Scanning: The system offers on-demand scans of historical data at no additional cost or setup.
  • On-Prem Setups: With seamless third-party integrations, 360-degree transparency is maintained.
  • Behavioural Analytics: Understands usual network behavior and flags deviations before damage occurs.
  • Dealing with high-volume traffic: Vehere products are capable of handling high volumes of traffic on the go without using up many resources, thereby keeping system performance optimal.

Thus, Vehere AI Network Security provides transparency and proactive threat detection, which makes the product critical to defending against advanced government data breaches.

Conclusion

As investigations continue, this episode serves as a stark reminder that well-funded, politically connected teams—even under the guise of “efficiency”—can introduce systemic risks when standard security controls are overridden.  

Federal agencies and their contractors must reexamine privilege policies, logging architecture, and reporting safeguards to prevent similar high-impact compromises in the future.

Moreover, governments should prioritize top-notch network security solutions that offer holistic network visibility, both internal and external. To mitigate or predict such incidents, Vehere AI Network Security stands tall to keep data locked in the safety box and protect millions of dollars.

Secure your federal architecture today with Vehere — because protecting tomorrow starts now.

Frequently Asked Questions (FAQs)

1. What is the U.S. DOGE Service and why is it controversial?

The U.S. DOGE Service, created by executive order under President Trump’s administration, was intended to eliminate waste, fraud, and abuse in federal departments. However, critics argue that its broad access to sensitive systems without standard auditing practices introduces serious cybersecurity risks.

2. What data was allegedly stolen during the NLRB cybersecurity breach?

According to the whistleblower testimony, approximately 10 gigabytes of sensitive information were exfiltrated, including whistleblower identities, union-organizing records, and confidential corporate case data.

3. How was the breach at NLRB detected?

The breach was identified through anomalies in network traffic, including a 200–300% spike in outgoing data, suspicious login attempts from Russian IP addresses, and irregular activity detected within the NxGen case-management system.

4. What role did Starlink satellites play in the alleged breach?

Reports suggest that some of the exfiltrated data traffic was routed through Starlink satellite communications, potentially offering a new, less detectable path for data exfiltration beyond traditional terrestrial monitoring systems.

5. What actions were taken after the breach was discovered?

Initially, NLRB security officials reported the incident to US-CERT and considered FBI involvement. However, senior officials later ordered an abrupt halt to the investigation, raising concerns about executive interference and transparency.
