Dan Berulis NLRB whistleblower

I do not think Musk’s stated rationale has any additional credibility because it was repeated by anonymous Treasury officials. It's important to understand that “improper” is in the eye of the beholder, and the danger of operational access to the payments system is precisely that there are very little safeguards for its improper use or manipulation.

All thought read only access was extraordinarily dangerous to the country. Unfortunately, my sources also tell me that the subsequent anonymous sources mainstream journalists reported who worked to downplay the situation are not accurate.

Marko Elez, has not only read but write access to BFS servers.

The issue is understanding the specific physical limitations of the system, the way that it interacts with the “Business Logic” of the code and a million other contextual factors.

We are in such a catastrophic situation I do not have the words to describe. It is getting worse and very little is being done. Lawsuits have been launched to stop this on privacy grounds, but we need so much more. Strongly worded letters from congress are not enough.

Tankus said he's been hearing from sources inside the agency who feel there's no one left in the federal government to whom they can report security breaches.

In normal times, I would report insider threats to the appropriate security channels inside the government, but there is no one left for me to report it to."

I don’t think there’s a lot of money to be made in the com,” Rivage lamented. “I’m not buying Heztner [servers] to set up some com VPN.”

May 11, 2024,

The code, using outdated and inexpensive AI models, produced results with glaring mistakes. For instance, it hallucinated the size of contracts, frequently misreading them and inflating their value. It concluded more than a thousand were each worth $34 million, when in fact some were for as little as $35,000.

The Disaster Relief Fund portion of FEMA has migrated their financial management to FEMA GO as well, meaning DOGE has the names, addresses, and social security numbers for anyone who has applied for disaster relief, according to sources within FEMA.

But some of the datasets that Schutt is included in are much more concerning than normal data breaches because they're from stealer logs

But he also might have gotten hacked within the last few months.

If the chairs of congressional committees are not interested in holding hearings that take a serious look at the administration’s actions, the minority members should hold their own oversight panels. This will help shine a spotlight on corruption or abuse of power in the executive branch and put pressure on the administration to act in accordance with the law.

Passing a recissions package does not count — that lets the administration steer the ship when Congress should be behind the wheel.

Indeed, former SSA Acting Commissioner Michelle King resigned in February after refusing to hand over unprecedented amounts of sensitive, protected information—

nterprise Data Warehouse, Numident, Master Beneficiary Record, and Supplemental Security Record.

Beginning around March 14, 2025, DOGE officials were given improper and excessive access to multiple schemas and databases inside the Enterprise Data Warehouse (EDW),

PSNAP and SNAP MI

Additionally, these profiles concerningly included equipment pin access and write access. 36 Equipment pin access means that instead of a user accessing data through a personal pin identifier, which would make the accessor’s actions traceable to a user, an equipment pin i

March 17, 2025, the EDW team discovered that users had been given access to data that was reportedly not authorized through normal approval channels. 38

March 20, 2025, the Social Security Administration received the TRO prohibiting DOGE and its affiliates from access to SSA’s data and revoked VPN access accordingly. 39 The following day, on Friday, March 21, 2025, the EDW team initially complied with proper procedures by revoking data access through the established SAM request process. 40 However, within 24 hours of the court-ordered revocation, DOGE officials appeared to have circumvented the judicial mandate. On the evening of Friday, March 21, 2025, according to information later received by Mr. Borges, senior career EDW officials who have system administrative privileges received instructions to undo the court-ordered access restrictions for two DOGE employees. 41

the requested access was for new and expanded privileges beyond the privileges that were in place at the time of the TRO, totaling forty-two different profiles, including specifically identified privileges that should not have been granted.

This emergency restoration of access raises concerns that the TRO may have been violated and may have also violated federal statutes, potentially including: 18 U.S.C. § 1030 (Computer Fraud and Abuse Act) by facilitating unauthorized access to protected computer systems; 5 U.S.C. § 552a (Privacy Act of 1974) by providing unauthorized access to systems of records containing personally identifiable information without proper justification or approval; 44 U.S.C. § 3551 et seq. (Federal Information Security Modernization Act) by circumventing established security controls and procedures designed to protect federal information systems; 5 U.S.C. Appendix (Inspector General Act) as proper oversight procedures were systematically bypassed, potentially impeding the Inspector General's ability to conduct effective audits and investigations of the agency's operations; and potentially constituted 18 U.S.C. § 371

(Conspiracy) to circumvent a federal court order.

On June 10, 2025, John Solley asked SSA CIO professionals to create a cloud environment 46 to which SSA’s Numerical Identification System or “NUMIDENT” data could be transferred. 47 T

On June 11, 2025, the request appeared to have changed to a request to transfer NUMIDENT to a test environment.

ater that morning, it became clear that DOGE’s request again changed, at this point, they wanted full administrative access to the cloud environment.

ne 10-11 request to have administrative access to “their own Virtual Private Cloud (VPC, “cloud”) within the SSA Amazon Web Services – Agency Cloud Infrastructure (AWS-ACI).”

he requested VPC project does not have an “Authority to Operate (ATO)” 54 to ensure proper security controls are in place;

evelopers (presumably DOGE) planned to import NUMIDENT into the cloud, and because AWS-ACI is an extension of the SSA network, any other SSA production data and PII could also be imported; “unauthorized access to the NUMIDENT would be considered catastrophic impact to SSA beneficiaries and SSA programs” (emphasis added);

Because (DOGE) developers, and not DIS, would have administrative access to this cloud, developers would be able to create publicly accessible services, meaning that they would have the ability to allow public access to the system and therefore the data in the system;

ranting (DOGE) developers administrative access would allow them to initiate any AWS service though agency policy required that only DIS could manage such services, meaning that the developers could install services in the cloud not approved for government use. 55

he risk assessment recommended that the cloud project 1) not use production data, 2

irst, whether DOGE could have administrative access to the requested cloud environment, and second, whether NUMIDENT production data should be moved to this cloud environment.

On June 24, 2025, CIO professionals confirmed that DOGE was given administrative access to the cloud. 60

On June 25, 2025, CIO officials elevated a further developed request to Michael Russo. 61 At this point, it appeared that John Solly was requesting that NUMIDENT production data be copied from an environment managed by DIS, per policy, to the DOGE specific cloud environment that lacked independent security controls, and that this requested access bypassed proper SAM protocol.

In late June 2025, it was reported to Mr. Borges that no verified audit or oversight mechanisms existed over the DOGE cloud environment set up outside of DIS control, and no one outside the former DOGE group had insight into code being executed against SSA’s live production data

On July 15, 2025, Aram Moghaddassi authorized a “Provisional Authorization to Operate” apparently for the NUMIDENT cloud project stating, “I have determined the business need is higher than the security risk associated with this implementation and I accept all risks associated with this implementation and operation.”

Moghaddassi circumvented independent security monitoring and authorized himself to “assume the risk” of holding a copy of the American public’s social security data in a potentially unsecured cloud environment. In reality, it is the American people who assume the risk.

Placing production NUMIDENT data in cloud environments without independent security controls violates these maintenance requirements. This action also potentially violated 18 U.S.C. § 1030, the Computer Fraud and Abuse Act, by facilitating unauthorized access to protected computer systems.

On August 6, 2025, Mr. Borges made internal disclosures to his superiors regarding the concerns outlined above. In that discussion, Mr. Borges commented that re-issuance of Social Security Numbers to all who possess one was a potential worst case outcome, and one of his superiors noted that possibility, underscoring the risk to the public.

On August 11, 2025, Mr. Borges contacted Edward Coristine, John Solly, and Mickie Tyquiengco, the Executive Officer in the OICO Front Office, to request information about data security concerns including: • The safety of SSA datasets in the cloud, particularly the AWS based VPCs between June and July 2025, which would encompass the NUMIDENT cloud project initiated by John Solly on June 10, 2025;

That same day, in response to Mr. Borges’ August 8, 2025 request for information about concerns raised, a CIO employee confirmed that while two cloud access accounts owned by Aaram Moghaddassi were created per SSA policy, they are not managed by the Division of Infrastructure Services (DIS), are self-administered, and include access to both test and live data environments. 67

serves to support Mr. Borges’ reasonable belief that the creation of the DOGE specific, self-administered cloud environment lacking independent security controls and hosting a copy of NUMIDENT constitutes an abuse of authority, gross mismanagement, substantial and specific threat to public health and safety,

Moreover, to date, Mr. Borges has not received a response to his August 7, 2025 request for information from Coristine

Furthermore, Mr. Borges is aware that the Office of General Counsel has advised employees not to respond to his inquiries.

There is panic among the employees," said one of the employees. "My office has been in turmoil since this afternoon's email … people are concerned about the data."

Tim Bearese, the NLRB's acting press secretary, did not respond to NPR's questions about DOGE visiting the agency. Earlier this week, Bearese denied that NLRB granted DOGE access to its systems and said DOGE had not requested access to the agency's systems. Bearese said the agency conducted an investigation after Berulis raised his concerns but "determined that no breach of agency systems occurred."

DogeSA_2d5c3e0446f9@nlrb.microsoft.com

If we are concerned about the security and privacy of Americans’ sensitive data, we need a hearing examining the myriad ways that DOGE is violating cybersecurity and privacy laws and making our personal information easier to steal or use against us.

This perfect storm leaves Americans’ sensitive data vulnerable to breaches, exploitation, and surveillance.  Americans—not private companies, hackers, or Elon Musk and DOGE—deserve to own their data and make the decision about how, where, and if their sensitive information is used.

The governments of the People’s Republic of China, the Russian Federation, North Korea, and Iran conduct persistent cyberattacks against the United States.  China’s President Xi Jinping has made clear that dominating the AI race and achieving global supremacy in biotechnology are critical to future geopolitical power, and obtaining vast troves of Americans’ sensitive data is a key component of his strategy.

Failing to safeguard Americans’ data from these hostile actors would not only be a critical violation of privacy but also a national security catastrophe.

The Administration has spent the past five months weakening our leading cybersecurity and consumer protection agencies and purging the federal watchdogs who ensure government works for the people’s interests.

Today, Rep. Stephen F. Lynch, Acting Ranking Member of the Committee on Oversight and Government Reform, sent a letter to Microsoft Chief Executive Officer Satya Nadella requesting information and documents in Microsoft’s possession regarding reports that individuals associated with Elon Musk’s Department of Government Efficiency (DOGE) attempted to remove sensitive information from the National Labor Relations Board (NLRB), raising serious concerns of technology-related misconduct.