WASHINGTON (Reuters) – A whistleblower complaint says that Elon Musk’s team of technologists may have been responsible for a “significant cybersecurity breach,” likely of sensitive case files, at America’s federal labor watchdog.

The complaint, addressed to Republican Senate Intelligence Committee Chairman Tom Cotton and his Democratic counterpart Mark Warner and made public Tuesday by the group Whistleblower Aid, draws on the testimony of Daniel Berulis, an information technology staffer at the National Labor Relations Board (NLRB).

The NLRB, a New Deal-era agency that is tasked with protecting workers’ rights to organize and join unions, has for years been a target of America’s corporate titans, including Musk, some of whom are now seeking to have the agency’s powers declared unconstitutional.

Evidence of DOGE Staffers Given Sweeping Access

In an affidavit, Berulis said he had evidence that DOGE staffers were given extraordinarily sweeping access to the NLRB’s systems, including to sensitive case files. He said that beginning in early March, logging protocols created to audit users appeared to have been tampered with, and that he had detected the removal of about 10 gigabytes worth of data from NLRB’s network sometime thereafter.

“That kind of spike is extremely unusual because data almost never directly leaves NLRB’s databases,” Berulis said in his affidavit.

A spokesperson for Musk’s team – officially known as U.S. DOGE Service – didn’t immediately return a message seeking comment. A message left with the NLRB also wasn’t immediately returned, although NPR, which first reported the story, quoted an NLRB spokesperson as disputing Berulis’ claims and saying there had been no breach. Cotton and Warner didn’t immediately return messages seeking comment.

NPR, which said it interviewed 30 sources in government, law enforcement, the cybersecurity industry, and the labor movement about the complaint, said that the disabling of logging software was reminiscent of cybercriminal behavior.

Berulis’ affidavit said that an effort by him and his colleague to formally investigate and alert the Cybersecurity and Infrastructure Security Agency (CISA) was disrupted by higher-ups without explanation. A message left with CISA wasn’t immediately returned.

—

(Reporting by Raphael Satter; Editing by Aurora Ellis)