Democrats worry DOGE may have violated privacy, cybersecurity law in taking NLRB data

Rep. Gerry Connolly (D-VA) speaks at a press conference outside of USAID headquarters on February 03, 2025 in Washington, DC. Connolly co-authored a letter Thursday demanding answers from NLRB on DOGE access to sensitive data.

Rep. Gerry Connolly (D-VA) speaks at a press conference outside of USAID headquarters on February 03, 2025 in Washington, DC. Connolly co-authored a letter Thursday demanding answers from NLRB on DOGE access to sensitive data. Kayla Bartkowski/Getty Images

Featured eBooks
Workforce Tech
Read Now

Customer Experience

Read Now

Identity in Government

Read Now
Insights & Reports
FedRAMP approved, mission-ready
Presented By Socure
Download Now
Keeping the lights on: How agencies can build cyber resilience for critical infrastructure
Presented By OptivClearShark Splunk
Download Now
Natalie Alms By Natalie Alms,
Staff Reporter, Nextgov/FCW

By Natalie Alms

|

Last month, a whistleblower accused DOGE affiliates of using secretive methods to take sensitive data from the National Labor Relations Board.

Democrats in Congress are pursuing new answers concerning the Trump administration and the efforts of billionaire Elon Musk’s Department of Government Efficiency, this time looking into whistleblower accusations that DOGE affiliates exfiltrated sensitive data from the National Labor Relations Board using secretive methods, including shutting off internal alerting and monitoring systems.

NPR first reported the whistleblower disclosure of Daniel Berulis, an NLRB technology employee, last month. He claimed that staffers took data from a case management system at the agency and included forensic data and other records of the situation. He also shared his disclosure with Congress and the Office of Special Counsel. 

The agency denied it gave DOGE access to systems or that a breach occurred in a statement to NPR. 

Rep. Gerry Connolly, D-Va. — the outgoing ranking member of the House Oversight and Government Reform Committee — and Lori Trahan, D-Mass., think the actions may violate privacy and cybersecurity laws, they wrote in a Thursday letter to the NLRB first shared with Nextgov/FCW

“We are concerned that NLRB officials, especially those affiliated with DOGE, may have violated both the Privacy Act and [Federal Information Security Modernization Act],” the letter read, noting that the former carries criminal penalties. Trahan is leading a push to reform the 1970’s-era law, as she says DOGE has challenged its limits. 

FISMA is a cybersecurity law that requires agencies to notify Congress of security incidents and data breaches.

The pair are asking Marvin Kaplin, the NLRB chair, for documents and information — including those produced during an internal investigation into Breulis’ concerns — on which employees have access to NLRB systems and clarification on whether the agency deemed the events as a “major incident” under FISMA.

“NLRB failed to notify Congress even after conducting an internal investigation into the possible breach, demonstrating that you looked into the matter and either did not conclude a ‘major incident’ occurred or failed to comply with FISMA’s reporting requirements,” the letter said. 

The request for more information is the latest effort by Democrats to conduct oversight of Trump 2.0. Connolly said in a press release on the letter that the administration has “stonewalled” efforts to investigate Musk and the administration writ large.

NEXT STORY: FBI awaits signal that Salt Typhoon is fully excised from telecom firms, official says