Workforce

NLRB whistleblower’s attorney speaks on DOGE, the shedding of federal IT leaders

Andrew Bakaj, a whistleblower attorney for NLRB IT staffer Daniel J. Berulis, discusses the disclosure process, Congress’ role in protecting federal data and more.

By Rebecca Heilweil

May 5, 2025

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

Employees and supporters of USAID gather to protest DOGE and federal workforce cuts outside of agency headquarters on Feb. 3, 2025 in Washington, D.C. (Photo by Kevin Dietsch/Getty Images)

Last month, a whistleblower named Daniel J. Berulis submitted a highly concerning report to Congress about his experiences with the Department of Government Efficiency during his work as an IT staffer at the National Labor Relations Board.

DOGE, he said, had arrived at his agency and possibly enabled a breach exposing government data while they were accessing NLRB systems. Alarmingly, Berulis saw evidence that NLRB information was being accessed by users in Russia in near real-time. While he was preparing his report, Berulis said he was threatened: Someone taped a note to the front door of his home that referenced his disclosure as well as photographs of him recorded via drone.

Nonprofit legal assistance organization Whistleblower Aid has stepped in to represent Berulis and support his disclosure. Andrew Bakaj, the chief legal counsel at Whistleblower Aid, told FedScoop that the organization has since seen more outreach, with people asking questions about the whistleblower disclosure process.

“The worst-case nightmare scenario is that this is beyond NLRB,” Bakaj said. “This is happening in multiple agencies where DOGE has been, and that — whether it was intentional or by accident, sloppiness, etc. — foreign intelligence and our adversaries gained access into our critical infrastructure.”

Bakaj, a former intelligence officer himself, would not comment on Berulis’ current role and only said that his client was assisting in an ongoing investigation into what occurred at the NLRB. He chatted with FedScoop about the whistleblower process, the role of Congress in protecting federal data, and the impact of losing chief information officers across the government.

This interview has been edited for clarity and length.

FedScoop: Can you talk a little bit about what happened with Daniel Berulis at the NLRB? What systems and data seemed to be accessed?

Andrew Bakaj: The bottom line is that [Daniel Berulis] learned from his superiors that DOGE was going to be coming into the agency. [He learned] they were all supposed to be in their seats because [DOGE members] were going to be showing up. …

What really caught his attention at first was how data was being exfiltrated from the agency, overnight, at one point in time. [It was] a significant amount of data. The reason why that’s important is because these were all text files. It’s one thing if it were images or videos, because that’s obviously a heavier weight [and] requires more capacity. But these are all text files, so it could be as much as an entire encyclopedia’s worth of data that left the agency.

FS: What’s the line between questionable practices and something that needs to be disclosed by a whistleblower?

AB: They were told not to monitor what DOGE was doing [and] they were not supposed to log their activities, etc. That’s a huge red flag. When you have the fact that data was being exfiltrated — it was a huge blip on the timeline there — combined with the fact that in near real time, somebody or something from Russia tried to access the internal database using the correct username and password.

Because of the fact that it was coming from Russia, the NLRB tech staff saw that this was an anomaly and they were able to stop it. But that was the final failsafe, because somebody did, in fact, have the proper credentials to log in. You put that all together and that is a significant cause for concern.

FS: One of the things the disclosure says at the bottom is that this is a best guess at what might have occurred. Can you talk a little bit about the nightmare scenario given what was seen in these systems?

AB: The worst-case nightmare scenario is that this is beyond NLRB. This is happening in multiple agencies where DOGE has been, and that, whether it was intentional or by accident, sloppiness, etc., that foreign intelligence and our adversaries gained access into our critical infrastructure.

I’ve had contact, actually, with people who would like to blow the whistle, but frankly, a lot of people are afraid to come forward, right?

FS: We’re seeing a lot of turnover in the CIO role in the federal government. I’m curious if you can talk about the role of the CIO in the kind of access management issues that this whistleblower disclosure talks about — and the risks that might come with just switching people out, especially as we’re facing these concerns about DOGE.

AB: When we have a high turnover rate and when we have the federal sector losing a lot of people in critical areas, that’s going to potentially be a significant risk for potential intrusions by not just foreign adversaries, but just hackers more broadly. My concern is broader than just the NLRB.

FS: How optimistic are you that this will be a bipartisan sort of response to some of the security concerns that have been raised about DOGE?

AB: It may not happen right away. It may take time. But the reason why I’m hopeful is because when it comes to our personal data — banking information, Social Security information — exposure for Americans and American companies should be a nonpartisan issue, in my opinion. My only concern is, is that it’s going to take some harm for everybody to really coalesce and say, ‘yes, this is a problem that we should look into.’

FS: What’s the role of the whistleblower disclosure process at a time when many inspectors general seem to be under attack?

AB: A large swath of federally appointed IGs have been removed. The IG offices still exist, so that means that in many cases, there are acting IGs. Maybe new appointees will be put in place at some point in the future. In some smaller offices, their IGs may not have been removed, but that’s less common. There are offices who have staff and they’re working well, but we also recognize that there is a significant concern now about the independence and integrity of the OIGs.

FS: What advice do you have for people who work in CIO offices and IT offices about the whistleblower process and the disclosure process?

AB: The first thing is that there is a process by which those working within CIOs can come forward to properly disclose their reasonable belief that there may be violations of law, rule or regulation, or fraud, waste, or abuse. I do recommend that they first reach out to an attorney through us at Whistleblower Aid or even other attorneys who specialize in this area to make sure that they’re properly handling the information that they’re going to be disclosing.

Dan did this in a public fashion where he allowed his name to be put out publicly. He spoke publicly to encourage others to come forward as well. Many whistleblowers have disclosed things confidentially. And there is a way to do this to mitigate professional risk, while at the same time getting it to somebody who can investigate.