A federal cybersecurity specialist has alleged in a whistleblower statement made public Tuesday that President Donald Trump’s Department of Government Efficiency (DOGE) caused a security breach at the National Labor Relations Board and may have illegally removed sensitive data from the board.

The specialist, Daniel Berulis, made the allegations in a sworn declaration submitted to members of Congress and to a federal whistleblower office, asking them to investigate what he called a cybersecurity breach. His lawyer said that Berulis had also been targeted with a threatening note and photographs showing him near where he lives. The declaration was first reported by NPR, and NBC News has not independently verified the allegations.  

The whistleblower report, which NBC News has reviewed a copy of, comes as DOGE and Trump’s billionaire adviser Elon Musk continue to face multiple lawsuits questioning their access to computer systems across the federal government.  

Berulis, who works at the labor board, wrote in the declaration that within days of DOGE staffers arriving in March, he noticed a series of “anomalous” events in the board’s computer systems. Those included changes to the use of multi-factor authentication, which is a widely used security protocol, and internal alerting systems being switched off, he wrote in the 14-page statement.  

He also wrote that he tracked what appeared to be the outbound transfer of around 10 gigabytes or more of data — “the equivalent of a full stack of encyclopedias” if the data were all text files, he wrote. He wrote that the removal was “extremely unusual because data almost never directly leaves NLRB’s databases.”   

The database accessed by DOGE contained personally identifiable information of “claimants and respondents with pending matters before the agency” as well as confidential business information gathered during investigations, he wrote. 

He added that after DOGE gained access to the labor board’s systems, there was an increase in attempted logins from locations outside the United States including from a user with an internet protocol (IP) address in Russia. He wrote that the person with the Russian IP address appeared to have a correct username and password, created minutes earlier by DOGE engineers, and was blocked from logging in only because of their location. 

“Those attempts were blocked, but they were especially alarming,” Berulis wrote. 

Berulis included in his disclosure several screenshots from a computer workstation that he says are evidence of data being transferred. He wrote that he has almost two decades of experience in his field and that he has held a Top Secret security clearance.  

Anna Kelly, a White House deputy press secretary, said in a statement that DOGE had been transparent about its work at the NLRB.  

“It is months-old news that President Trump signed an Executive Order to hire DOGE employees at agencies and coordinate data sharing,” she said. “Their highly-qualified team has been extremely public and transparent in its efforts to eliminate waste, fraud, and abuse across the Executive Branch, including the NLRB,” she added. Her statement did not address the alleged transfer of data.  

The NLRB and Musk did not immediately respond to requests for comment. In a comment to NPR, an NLRB spokesperson denied that the agency had granted DOGE access to its systems, said DOGE had not requested access to the agency’s systems and said that an internal investigation conducted after Berulis raised his concerns “determined that no breach of agency systems occurred.”  

In litigation about DOGE’s access to federal data, although not specifically at the NLRB, the Justice Department has argued that DOGE enjoys sweeping authority to access data under an executive order that Trump signed on the first day of his second term. That executive order directs all agency heads to “take all necessary steps” to ensure that DOGE “has full and prompt access to all unclassified agency records, software systems, and IT systems” to the “extent consistent with law.”

It was not immediately clear if Berulis’ disclosure would lead to an investigation. Two lawmakers to whom Berulis addressed his disclosure did not immediately respond to requests for comment.  

Andrew Bakaj, a lawyer representing Berulis in his capacity as a whistleblower, wrote in a letter to members of Congress that he believed the conduct at issue violated the Federal Information Security Modernization Act, a 2014 law designed to safeguard government data, as well as the federal Privacy Act.

“As you are certainly aware, the practical, legal, and national security implications of such an intrusion are vast,” Bakaj wrote.  

The lawyer also wrote that on April 7, while Berulis was preparing his written statement, someone physically taped a threatening note to his home door along with photographs taken via a drone of him walking in his neighborhood.   

“The threatening note made clear reference to this very disclosure he was preparing for you, as the proper oversight authority. While we do not know specifically who did this, we can only speculate that it involved someone with the ability to access NLRB systems,” Bakaj wrote.