Did DOGE take sensitive labor data?

2025/4/15
Consider This from NPR

People
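Daniel Berulis
Jenna McLaughlin
Mary Louise Kelly
Experienced broadcast journalist and news anchor, currently co-host of NPR's All Things Considered.
Sharon Block
Narrator
Narrator of the opening cinematic trailer for the well-known game Civilization VII.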
Topics
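Daniel Berulis: I got a call from my boss on a Friday afternoon in February saying DOGE would be arriving soon. The following week, we saw a black SUV with a police escort pull into the parking garage of the National Labor Relations Board. DOGE asked that account access not be logged, which worried me a great deal because it violates the core concepts of security and best practice. I found that DOGE had obtained the highest level of system access, that a large amount of data had been transferred, and that security tools and network monitoring logs had been turned off. They deleted records and tried to disguise the data leaving the agency as routine network traffic. There were login attempts from a Russian IP address on the accounts DOGE had created, which made me worry that the system was more vulnerable. I knew these data leaks would affect cases and harm people's livelihoods. I couldn't live with that, so I decided to speak up.

Narrator: DOGE is the federal cost-cutting unit led by Trump advisor Elon Musk. The National Labor Relations Board stores a large amount of potentially sensitive data, such as private legal notes in ongoing labor investigations or confidential lists of union organizers. DOGE says it is looking for savings in government, but is the data being accessed valuable in other ways? The National Labor Relations Board says it did not authorize DOGE to access its systems, that there is no record of DOGE requesting it, and that a recent internal investigation ruled out a data breach. However, the evidence provided by the whistleblower suggests otherwise. Ten outside cybersecurity experts consider DOGE's behavior suspicious and say there is no reason a legitimate user would act this way. They say that without further access or an investigation by a better-resourced agency, it is hard to determine conclusively what happened. Several labor law experts say DOGE should not have accessed or removed the National Labor Relations Board's sensitive labor data. A source on Capitol Hill says they have other whistleblower reports about DOGE leaking sensitive data, which could include Social Security numbers, private addresses, medical data, immigration status and more.

Mary Louise Kelly: Elon Musk's government entity, DOGE, says it is looking for savings in government, but is the data being accessed valuable in other ways?

Jenna McLaughlin: The National Labor Relations Board says it did not authorize DOGE to access its systems, that there is no record of DOGE requesting it, and that a recent internal investigation ruled out a data breach. However, the evidence provided by the whistleblower suggests otherwise. Logs disappearing and tools being turned off is not accidental; it is a deliberate act.

Sharon Block: DOGE's behavior does not match what they say about cutting waste. What they are doing does not match the established professional methods we know, which shows they are not really committed to finding more efficient ways for the government to operate. Most worrying is that the National Labor Relations Board has multiple ongoing investigations into Elon Musk's companies.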

It was a Friday afternoon in February when Daniel Berulis got a call from his boss. DOGE would be arriving soon. I was working on a spreadsheet for some budgeting stuff, and I got a call from my boss saying, hey... It's possible DOGE will show up.

DOGE is the new federal cost-cutting unit effectively led by billionaire Trump advisor Elon Musk. The following week, according to his official disclosure to Congress, Berulis and his colleagues watched a black SUV with a police escort pull into the parking garage of the National Labor Relations Board in southeast Washington, D.C.

The small, independent federal agency investigates and adjudicates complaints about unfair labor practices. It stores reams of potentially sensitive data, such as private legal notes in ongoing labor investigations or confidential lists of union organizers. Most of that data lives on the cloud, a virtual computer system that can be accessed remotely.

It is Berulis' job to watch over the cloud, to make sure no single user has access to data or systems they don't need. But for DOGE, those policies and guidelines didn't seem to apply, Berulis says. They had a very specific request. Do not log the accounts, don't log the access, and stay out of our way. That was just the start for Berulis and his colleagues. That was a huge red flag.

That's something that you just don't do. It violates every core concept of security and best practice. After his suspicions were raised, Berulis was able to hunt down a few details about what took place while DOGE had access. Berulis put them all in a whistleblower disclosure to Congress. Now, there's a ton of complicated technical detail, but here's what it says.

There is clear evidence DOGE got the highest level access to the system, that a big chunk of data left the agency's internal case management system, followed by another chunk of data leaving the agency itself, and that whoever had done those things had turned off security tools and network monitoring logs. They deleted records and appeared to try to disguise the chunks of data leaving the agency as routine web traffic.

And after the DOGE accounts were created, someone with an IP address in Russia started trying to log into the NLRB's system using a username and password that DOGE had created. Even though the attempts were blocked, Berulis says that made him worried the system was more vulnerable now.

Consider this. Elon Musk's government entity, known as DOGE, says it's searching for savings throughout the government. But is the data being accessed valuable in other ways? From NPR, I'm Mary Louise Kelly.

It's Consider This from NPR. The story that you just heard from Daniel Berulis, he shared it with my NPR colleague, Jenna McLaughlin. She picks up from here with what happened next. The NLRB tells NPR the agency did not authorize DOGE to access their systems and that there's no record of DOGE requesting it. They also said there was a recent internal investigation that ruled out a breach.

However, the disclosure includes forensic evidence and records of communications that seem to tell a different story. Why was that done? And that's a purposeful effort. That doesn't just happen. Logs don't just disappear. Tools don't just turn themselves off randomly.

Everything in a computer has a cause and effect. That means it has to have a trigger. NPR has talked to 10 outside cybersecurity experts embedded in companies, government agencies, and the private sector who reviewed Berulis' claims. They say the activity is suspicious and that there's no reason a legitimate user would act this way or remove data that is protected by multiple federal laws, including the Privacy Act.

They say it is hard to definitively prove what happened without further access to the NLRB systems or without an investigation by agencies with more resources, like the FBI. But from what they can see, none of this behavior is normal.

They told NPR the shadowy tactics described in the disclosure are the kinds of things criminals and hackers from China and Russia like to do. Meanwhile, several labor law experts who spoke to NPR say they believe there is no possible reason why DOGE should have had access to or removed NLRB's sensitive labor data.

There is nothing that I can see about what DOGE is doing that follows any of the standard procedures for how you do an audit that has integrity and that's meaningful and that will actually produce results.

Sharon Block is the director of Harvard Law School's Center for Labor and a Just Economy. She has held key labor policy jobs in multiple administrations, including as a member of the National Labor Relations Board.

She said she thinks DOGE's statements about cutting waste and its behavior don't match up. That mismatch between what they're doing and what we know, the established professional way to do what they say they're doing, that just kind of gives away the store that they are not about actually finding more efficient ways for the government to operate.

The concerns aren't limited to just cybersecurity or exposure of union data. For Block and others, one of the most troubling things is that the NLRB has multiple ongoing investigations into Elon Musk's companies, including SpaceX and Tesla.

In a recent interview with Fox News' Sean Hannity, President Trump and Musk said business interests wouldn't pose a conflict. I mean, I haven't asked the president for anything ever. Obviously, I'm getting sort of a daily proctology exam here. You know, it's not like I'll be getting away from something in the dead of night. Neither the White House nor DOGE responded to NPR's request for comment. But so far, neither Trump nor Musk has provided evidence of any firewall between Musk and the data DOGE has access to.

Musk or anyone else who gets this data could use lists of union leaders to blacklist people or fire them. They could spy on competitors. It could give them big advantages in court or in business. It's not just that he's a random person who's getting access to information that a random person shouldn't have access to.

But if they really did get everything, if that possibility is accurate, then he has information about the case that the government is building against him. After Berulis dug through the agency records, he alerted his colleagues. According to his disclosure, many of them shared his concerns, and they decided they'd launch a breach investigation and call in experts from other agencies to help. The NLRB says those concerns were investigated and it was determined there was no breach.

But Berulis' disclosure makes clear that it's the possibility of an insider threat that warrants a closer look. It's the removal of evidence of potentially suspicious activity that concerns him. That's part of the reason he decided to speak up. At the end of the day, even if it's logically not the right choice, if it morally compels me, I feel... I wouldn't be able to live with myself otherwise. To know that this data was out there, it's going to impact these cases. It's going to cost people their real livelihoods.

There are now over a dozen court cases revealing how DOGE has mishandled sensitive data, from social security databases to treasury payment systems.

A source working on Capitol Hill who requested anonymity to discuss ongoing sensitive investigations says their staff has multiple other whistleblower reports about DOGE exfiltrating sensitive data for unknown reasons. I believe with all my heart that this goes far beyond just case data. In other words, it could be social security numbers, private addresses, health care data, immigration status, you name it. Berulis hopes to inspire others to speak up.

That was NPR's Jenna McLaughlin. This episode was produced by Audrey Nguyen and Alejandra Marquez Janse. It was edited by Brett Neely. Our executive producer is Sami Yenigun. It's Consider This from NPR. I'm Mary Louise Kelly.