U.S DOGE Allegedly Breached – Whistleblower Leaked Most Sensitive Documents

A federal whistleblower has accused the Department of Government Efficiency (DOGE) of orchestrating a major cybersecurity breach at the National Labor Relations Board (NLRB), involving unauthorized data extraction, disabled security protocols, and attempted logins from a Russian IP address.

The whistleblower, a senior DevSecOps architect at the NLRB, has submitted a detailed affidavit to Congress alleging systemic violations that compromised sensitive labor data and enabled potential foreign access.

DOGE personnel were granted “tenant owner” privileges in the NLRB’s Azure cloud systems, giving them unrestricted access to read, copy, and alter data.

Security measures such as multi-factor authentication (MFA) and network monitoring tools were disabled, and logs were systematically deleted to obscure activity.

The whistleblower claims that DOGE used external GitHub tools for web scraping and brute-force operations, tactics typically associated with cybercriminals.

THREAD: A federal whistleblower just dropped one of the most disturbing cybersecurity disclosures I’ve ever read.
He’s saying DOGE came in, data went out, and Russians started attempting logins with new valid DOGE passwords
Media’s coverage wasn’t detailed enough so I dug… pic.twitter.com/wY2OU16TI9
— Matt Johansen (@mattjay) April 18, 2025

Data Exfiltration and Russian Login Attempts

Approximately 10+ GB of data, equivalent to a full encyclopedia set, was transferred out of the NLRB’s NxGen case management system, which houses sensitive union organizing details, whistleblower identities, and proprietary corporate information.

U.S DOGE Allegedly Breached - Whistleblower Leaked Most Sensitive Documents 3

The exfiltration allegedly occurred via expired authentication tokens and unmonitored containers, bypassing standard encryption protocols.

Within 15 minutes of DOGE account creation, login attempts from a Russian IP address using valid credentials were detected. While blocked by geolocation policies, the attempts raised alarms about potential credential leakage or foreign exploitation.

The most daming claim in this statement IMO:
Within 15 minutes of DOGE accounts being created…
Attackers in Russia tried logging in using those new creds.
Correct usernames and passwords.
2 options here. The DOGE device was hacked. And I don’t think I need to explain the 2nd. pic.twitter.com/02j1zQUyWL
— Matt Johansen (@mattjay) April 18, 2025

Azure costs spiked 8% despite no new resource deployments, suggesting ephemeral high-performance virtual machines were spun up temporarily a tactic often used for large-scale data processing.

Meanwhile, the whistleblower received a threatening note taped to their door alongside aerial drone photographs, warning them to cease investigations.

Attempts to report the breach to the Cybersecurity and Infrastructure Security Agency (CISA) were halted by superiors. “Instructions came down to drop the investigation,” the whistleblower stated.

The NLRB denied that any breach occurred, claiming internal reviews found no evidence. However, DOGE later assigned staffers to “collaborate” with the agency, further unsettling employees.

The allegations align with multiple ongoing lawsuits against DOGE for mishandling federal data. Critics argue the group’s mandate to “reduce waste” has enabled unchecked access to sensitive systems, with the whistleblower warning, “This isn’t just about labor data it’s about national security.”

The Senate Intelligence Committee has received the affidavit, but no formal inquiry has been announced.

As DOGE’s activities expand, the case underscores escalating tensions between federal oversight and executive-driven efficiency initiatives.

Malware Trends Report Based on 15000 SOC Teams Incidents, Q1 2025 out!-> Get Your Free Copy

Source link