Cyber Security News

U.S. DOGE Allegedly Breached – Whistleblower Leaked Most Sensitive Documents

A federal whistleblower has accused the Department of Government Efficiency (DOGE) of orchestrating a major cybersecurity breach at the National Labor Relations Board (NLRB), involving unauthorized data extraction, disabled security protocols, and attempted logins from a Russian IP address.

The whistleblower, a senior DevSecOps architect at the NLRB, has submitted a detailed affidavit to Congress alleging systemic violations that compromised sensitive labor data and enabled potential foreign access.

DOGE personnel were granted “tenant owner” privileges in the NLRB’s Azure cloud systems, giving them unrestricted access to read, copy, and alter data.

Security measures such as multi-factor authentication (MFA) and network monitoring tools were disabled, and logs were systematically deleted to obscure activity.

The whistleblower claims that DOGE used external GitHub tools for web scraping and brute-force operations, tactics typically associated with cybercriminals.

Data Exfiltration and Russian Login Attempts

Approximately 10+ GB of data, equivalent to a full encyclopedia set, was transferred out of the NLRB’s NxGen case management system, which houses sensitive union organizing details, whistleblower identities, and proprietary corporate information.

The exfiltration allegedly occurred via expired authentication tokens and unmonitored containers, bypassing standard encryption protocols.

Within 15 minutes of DOGE account creation, login attempts from a Russian IP address using valid credentials were detected. While blocked by geolocation policies, the attempts raised alarms about potential credential leakage or foreign exploitation.

Azure costs spiked 8% despite no new resource deployments, suggesting ephemeral high-performance virtual machines were spun up temporarily, a tactic often used for large-scale data processing.

Meanwhile, the whistleblower received a threatening note taped to their door alongside aerial drone photographs, warning them to cease investigations.

Attempts to report the breach to the Cybersecurity and Infrastructure Security Agency (CISA) were halted by superiors. “Instructions came down to drop the investigation,” the whistleblower stated.

The NLRB denied that any breach occurred, claiming internal reviews found no evidence. However, DOGE later assigned staffers to “collaborate” with the agency, further unsettling employees.

The allegations align with multiple ongoing lawsuits against DOGE for mishandling federal data. Critics argue the group’s mandate to “reduce waste” has enabled unchecked access to sensitive systems, with the whistleblower warning, “This isn’t just about labor data; it’s about national security.”

The Senate Intelligence Committee has received the affidavit, but no formal inquiry has been announced.

As DOGE’s activities expand, the case underscores escalating tensions between federal oversight and executive-driven efficiency initiatives.


Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
