5 takeaways about NPR's reporting on the whistleblower report about DOGE at the NLRB
Here's a summary of NPR's findings about the report that a whistleblower filed to Congress about how DOGE violated security protocols and could have removed sensitive labor data.
Tim Bearese, the NLRB's acting press secretary, denied that the agency granted DOGE access to its systems and said DOGE had not requested access to the agency's systems. Bearese said the agency conducted an investigation after Berulis raised his concerns but "determined that no breach of agency systems occurred."
When an IT staffer suggested a streamlined process to activate those accounts in a way that would let their activities be tracked, in accordance with NLRB security policies, th
According to the disclosure, someone had disabled controls that would prevent insecure or unauthorized mobile devices from logging on to the system without the proper security settings.
"If he didn't know the backstory, any [chief information security officer] worth his salt would look at network activity like this and assume it's a nation-state attack from China or Russia," said Jake Braun, a former White House cyber official.
Whoever was attempting to log in was using one of the newly created DOGE accounts — and the person had the correct username and password, according to Berulis.
It houses information about ongoing, contested labor cases, lists of union activists, internal case notes, personal information from Social Security numbers to home addresses, proprietary corporate data and more information that never gets published openly. Access to that data is protected by numerous federal laws, including the Privacy Act.
There are multiple ongoing cases involving the NLRB and companies controlled by Musk.
Fed Whistleblowers
CONGRESS lobby app
