National Labor Relations Board
DOGE first arrived at this relatively small and independent agency that ensures that the union rights of workers are protected at the end of February, and they quickly proceeded to do the same scuttling of contracts and termination of employees that they have tried at other agencies under the guide of “IT modernization.” However, it appears they also tried to remove sensitive data from the agency, and thanks to a whistleblower, we are now able to see some sophisticated attacks that were made against IT resources at the agency.
People
Information: Click items to expand
Detailed From:
4/16/25-7/25/25 detailed from GSA «Mentioned by Justin Fox as working with other NLRB DOGE staff, but not listed by GAO as detailed there, so maybe not»
Offboarding:
Left govt 7/30/25 (verified)
Detailed From:
4/16/25-7/25/25 detailed from GSA «Mentioned by Justin Fox as working with other NLRB DOGE staff, but not listed by GAO as detailed there, so maybe not»
Offboarding:
Left govt 7/30/25 (verified)
| Source: | The Authors Guild/American Council of Learned Societies v. National Endowment for the Humanities, doc 248-2 Court Document, 3/06/26 |
Detailed From:
Offboarding:
Left govt 8/06/25 (reported)
Detailed From:
Offboarding:
Left govt 8/06/25 (reported)
| Source: | DOGE: National Labor Relations Board Detailees Did Not Access IT Systems Between April 16 and July 25, 2025 Government Accountability Office, 4/28/26 |
| Source: | Labor Board’s DOGE Detailees Connected to Agency Take Downs Bloomberg Law, 4/21/25 |
| Source: | The Authors Guild/American Council of Learned Societies v. National Endowment for the Humanities, doc 248-2 Court Document, 3/06/26 |
| Source: | DOGE: National Labor Relations Board Detailees Did Not Access IT Systems Between April 16 and July 25, 2025 Government Accountability Office, 4/28/26 |
| Source: | Labor Board’s DOGE Detailees Connected to Agency Take Downs Bloomberg Law, 4/21/25 |
Systems
Federal Personnel Payroll System
4/25/25-7/25/25 2 users (1 elevated)
A shared service which processes payrolls for Interior, but also DOJ, Treasury, DHS, the Air Force, Nuclear Regulatory Commission and other agencies. Covers about half of federal personnel.
Federal Personnel Payroll System
4/25/25-7/25/25 2 users (1 elevated)
A shared service which processes payrolls for Interior, but also DOJ, Treasury, DHS, the Air Force, Nuclear Regulatory Commission and other agencies. Covers about half of federal personnel.
| : | 4/25/25-7/25/25 Nate Cavanaugh (admin access) |
| : | 4/25/25-7/25/25 Justin Fox (read access) |
| Source: | DOGE: National Labor Relations Board Detailees Did Not Access IT Systems Between April 16 and July 25, 2025 Government Accountability Office, 4/28/26 |
| DOGE Project: | Anti-Personnel |
eOPF
4/25/25-7/25/25 2 users (1 elevated)
An system for government employees to access their personnel files electronically. These are updated when staff receive changes in salary or duty station or title, or receive performance reviews.
eOPF
4/25/25-7/25/25 2 users (1 elevated)
An system for government employees to access their personnel files electronically. These are updated when staff receive changes in salary or duty station or title, or receive performance reviews.
| : | 4/25/25-7/25/25 Nate Cavanaugh (admin access) |
| : | 4/25/25-7/25/25 Justin Fox (read access) |
| Source: | DOGE: National Labor Relations Board Detailees Did Not Access IT Systems Between April 16 and July 25, 2025 Government Accountability Office, 4/28/26 |
| DOGE Project: | Anti-Personnel |
Events
1/27/25
Disruption:
President Trump illegally fires the National Labor Relations Board (NLRB) Chair Gwynne Wilcox and General Counsel Jennifer Abruzzo from the agency’s board. This leaves the agency without quorum to act.
Disruption:
President Trump illegally fires the National Labor Relations Board (NLRB) Chair Gwynne Wilcox and General Counsel Jennifer Abruzzo from the agency’s board. This leaves the agency without quorum to act.
| Source: | Project 2025: Elon Musk’s attack on the Department of Labor Fulcrum News, 3/04/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
2/20/25
Disruption:
Employees at the NLRB are alarmed to see that DOGE has claimed on its website that it has cancelled the lease for their office in Buffalo, NY.
Disruption:
Employees at the NLRB are alarmed to see that DOGE has claimed on its website that it has cancelled the lease for their office in Buffalo, NY.
| Source: | How DOGE's Sketchy 'Wall Of Receipts' Set Off Panic Inside A Federal Agency The Huffington Post, 2/20/25 |
| Agency: | NLRB |
| DOGE Project: | Spending |
c.2/24/25
Sighting:
Staffers at the NLRB are informed that DOGE will be arriving at the agency the following week and that they have questions about the agency’s network architecture.
Sighting:
Staffers at the NLRB are informed that DOGE will be arriving at the agency the following week and that they have questions about the agency’s network architecture.
| Question: | Fuzz: The testimony only mentions that this communication happened sometime during that week |
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
2/28/25
Disruption:
After a journalist posts info that Jordan Wick’s github profile is public, a staffer an NLRB notices a project of his named NxGenBdoorExtract. The name seems to indicate it’s a tool for exfiltrating data from a sensitive NLRB system named NxGen.
Disruption:
After a journalist posts info that Jordan Wick’s github profile is public, a staffer an NLRB notices a project of his named NxGenBdoorExtract. The name seems to indicate it’s a tool for exfiltrating data from a sensitive NLRB system named NxGen.
| Person: | Jordan Wick |
| Source: | A whistleblower's disclosure details how DOGE may have taken sensitive labor data National Public Radio, 4/15/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
3/03/25
System Access:
The NLRB Assistant CIO conveys instructions that there are to be no logs or records made of accounts that are created for DOGE staff and they are to be given “tenant”-level accounts with read/write/admin for all systems as part of their auditing work. This level of access exceed existing permissions that would normally be used by auditors.
System Access:
The NLRB Assistant CIO conveys instructions that there are to be no logs or records made of accounts that are created for DOGE staff and they are to be given “tenant”-level accounts with read/write/admin for all systems as part of their auditing work. This level of access exceed existing permissions that would normally be used by auditors.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
Sighting:
A black SUV and police escort bring DOGE staff to the NLRB. The DOGE staff weren’t introduced and didn’t interact with IT staff directly.
Sighting:
A black SUV and police escort bring DOGE staff to the NLRB. The DOGE staff weren’t introduced and didn’t interact with IT staff directly.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
3/04/25
Disruption:
NLRB network staff notice the existence of an anomalous container on their network that could be performing unauthorized actions. Its storage tokens have been expired, deterring analysis of what resources it might have accessed.
Disruption:
NLRB network staff notice the existence of an anomalous container on their network that could be performing unauthorized actions. Its storage tokens have been expired, deterring analysis of what resources it might have accessed.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
3/05/25
Disruption:
NLRB network staff discover that a security tool for watching network traffic within their cloud environment was manually deactivated and was not logging the creation of new network nodes.
Disruption:
NLRB network staff discover that a security tool for watching network traffic within their cloud environment was manually deactivated and was not logging the creation of new network nodes.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
Disruption:
A NLRB network staffer notices a large spike in outgoing network traffic from their network with no corresponding incoming traffic (as might be the case for web traffic hitting the website). He also sees a surge in DNS requests which might be used to hide tunnels for stealing data.
Disruption:
A NLRB network staffer notices a large spike in outgoing network traffic from their network with no corresponding incoming traffic (as might be the case for web traffic hitting the website). He also sees a surge in DNS requests which might be used to hide tunnels for stealing data.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
3/06/25
Disruption:
NLRB network staff an account a DOGE-specific name DogeSA_2d5c3e0446f9@nlrb.microsoft.com that was recently created and then deleted. It seems to have been configured to allow automated scripts to access NLRB’s cloud.
Disruption:
NLRB network staff an account a DOGE-specific name
DogeSA_2d5c3e0446f9@nlrb.microsoft.com that was recently created and then deleted. It seems to have been configured to allow automated scripts to access NLRB’s cloud.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
Disruption:
After various users reported login problems to the service desk, networking staff at NLRB discover that certain conditional access policies had been updated without their awareness. This change was later confirmed to not be the result of any scheduled maintenance.
Disruption:
After various users reported login problems to the service desk, networking staff at NLRB discover that certain conditional access policies had been updated without their awareness. This change was later confirmed to not be the result of any scheduled maintenance.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
3/07/25
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
Disruption:
Networking staff at NLRB discovered that 3 Github libraries were downloaded in the prior 30 days by DOGE staff at the agency which could be used for scraping high volumes of data and obscuring the source requests.
Disruption:
Networking staff at NLRB discovered that 3 Github libraries were downloaded in the prior 30 days by DOGE staff at the agency which could be used for scraping high volumes of data and obscuring the source requests.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
3/11/25
Disruption:
NLRB networking staff notice another surge in system utilization for the NxGen system. This coincides with multiple attempts to connect to the system from an IP address in Russia. Alarmingly, the Russian access is attempting to use an account that was created only 15 minutes earlier by DOGE engineers at the agency.
Disruption:
NLRB networking staff notice another surge in system utilization for the NxGen system. This coincides with multiple attempts to connect to the system from an IP address in Russia. Alarmingly, the Russian access is attempting to use an account that was created only 15 minutes earlier by DOGE engineers at the agency.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
3/13/25
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
3/19/25
Disruption:
NLRB networking staff observe a spike in billing records from their cloud provider which are seemingly related to systems that are no longer in operation. These likely indicate resources that were short-lived or deleted to cover up tracks.
Disruption:
NLRB networking staff observe a spike in billing records from their cloud provider which are seemingly related to systems that are no longer in operation. These likely indicate resources that were short-lived or deleted to cover up tracks.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
c.3/24/25
| Question: | Fuzz: Source mentions it was on or about this date |
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | CISA, NLRB |
| DOGE Project: | Impunity |
4/04/25
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | CISA, NLRB |
| DOGE Project: | Impunity |
4/14/25
Disruption:
On the day that NPR published a story with the claims of a whistleblower at the NLRB, the Deputy CIO of the agency, Eric Mark, suspends administrative access for all employees, locking the IT staff out of their ability to continue monitoring DOGE’s actions at the agency.
Disruption:
On the day that NPR published a story with the claims of a whistleblower at the NLRB, the Deputy CIO of the agency, Eric Mark, suspends administrative access for all employees, locking the IT staff out of their ability to continue monitoring DOGE’s actions at the agency.
| Source: | Whistleblower: DOGE Siphoned NLRB Case Data Krebs on Security, 4/21/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
4/16/25
Detailed To:
Detailed To:
| GSA Detailed To: NLRB Justin Aimonetti 4/16/25-7/25/25 | |
| Source: | The Authors Guild/American Council of Learned Societies v. National Endowment for the Humanities, doc 248-2 Court Document, 3/06/26 |
| Note: | Mentioned by Justin Fox as working with other NLRB DOGE staff, but not listed by GAO as detailed there, so maybe not |
| GSA Detailed To: NLRB Nate Cavanaugh 4/16/25-7/25/25 | |
| Source: | DOGE: National Labor Relations Board Detailees Did Not Access IT Systems Between April 16 and July 25, 2025 Government Accountability Office, 4/28/26 |
| Source: | Labor Board’s DOGE Detailees Connected to Agency Take Downs Bloomberg Law, 4/21/25 |
| Source: | The Authors Guild/American Council of Learned Societies v. National Endowment for the Humanities, doc 248-2 Court Document, 3/06/26 |
| Note: | Spotted by media |
| GSA Detailed To: NLRB Justin Fox 4/16/25-7/25/25 | |
| Source: | DOGE: National Labor Relations Board Detailees Did Not Access IT Systems Between April 16 and July 25, 2025 Government Accountability Office, 4/28/26 |
| Source: | Labor Board’s DOGE Detailees Connected to Agency Take Downs Bloomberg Law, 4/21/25 |
Sighting:
Justin Fox and Nate Cavanaugh are detailed from the GSA to work at the NLRB over the next few months. They meet with the Chairman, Acting Senior Counsel and other senior board members. The DOGE staff requested access to 7 HR systems at NLRB.
Sighting:
Justin Fox and Nate Cavanaugh are detailed from the GSA to work at the NLRB over the next few months. They meet with the Chairman, Acting Senior Counsel and other senior board members. The DOGE staff requested access to 7 HR systems at NLRB.
| Person: | Justin Fox, Nate Cavanaugh |
| Source: | DOGE: National Labor Relations Board Detailees Did Not Access IT Systems Between April 16 and July 25, 2025 Government Accountability Office, 4/28/26 |
| Source: | Labor Board’s DOGE Detailees Connected to Agency Take Downs Bloomberg Law, 4/21/25 |
| Agency: | NLRB |
| DOGE Project: | Anti-Personnel |
4/24/25
| Source: | DOGE: National Labor Relations Board Detailees Did Not Access IT Systems Between April 16 and July 25, 2025 Government Accountability Office, 4/28/26 |
| Agency: | NLRB |
4/25/25
:
Justin Fox is granted basic access to 2 systems at NLRB.
:
Justin Fox is granted basic access to 2 systems at NLRB.
| System Access: | FPPS: Federal Personnel Payroll System |
| : | read, 4/25/25-7/25/25 Justin Fox (never used) |
| Note: | A shared service which processes payrolls for Interior, but also DOJ, Treasury, DHS, the Air Force, Nuclear Regulatory Commission and other agencies. Covers about half of federal personnel. |
| DOGE Project: | Anti-Personnel |
| System Access: | eOPF |
| : | read, 4/25/25-7/25/25 Justin Fox (never used) |
| Note: | An system for government employees to access their personnel files electronically. These are updated when staff receive changes in salary or duty station or title, or receive performance reviews. |
| DOGE Project: | Anti-Personnel |
:
Nate Cavanaugh is granted elevated access to 2 systems at NLRB.
:
Nate Cavanaugh is granted elevated access to 2 systems at NLRB.
| System Access: | FPPS: Federal Personnel Payroll System |
| : | admin, 4/25/25-7/25/25 Nate Cavanaugh (never used) |
| Note: | A shared service which processes payrolls for Interior, but also DOJ, Treasury, DHS, the Air Force, Nuclear Regulatory Commission and other agencies. Covers about half of federal personnel. |
| DOGE Project: | Anti-Personnel |
| System Access: | eOPF |
| : | admin, 4/25/25-7/25/25 Nate Cavanaugh (never used) |
| Note: | An system for government employees to access their personnel files electronically. These are updated when staff receive changes in salary or duty station or title, or receive performance reviews. |
| DOGE Project: | Anti-Personnel |
5/15/25
Oversight:
The NLRB confirms that its Inspector General is looking into the allegations of improper network access and data theft by DOGE.
Oversight:
The NLRB confirms that its Inspector General is looking into the allegations of improper network access and data theft by DOGE.
| Source: | National Labor Relations Board watchdog investigating DOGE, potential data breach FedScoop, 5/15/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
6/16/25
Oversight:
The top Democrat on the House Oversight Committee sends a letter to Microsoft requesting access and information about Jordan Wick’s now-private Github account, specifically requesting to see details about the NxGenBdoorExtract program.
Oversight:
The top Democrat on the House Oversight Committee sends a letter to Microsoft requesting access and information about Jordan Wick’s now-private Github account, specifically requesting to see details about the NxGenBdoorExtract program.
| Source: | Top House Democrat asks Microsoft about DOGE code allegedly tied to NLRB data removal National Public Radio, 6/16/25 |
| Agency: | NLRB |
7/25/25
Access Revoked:
Nate Cavanaugh has elevated access revoked for 2 systems at NLRB.
Access Revoked:
Nate Cavanaugh has elevated access revoked for 2 systems at NLRB.
| System Access: | FPPS: Federal Personnel Payroll System |
| : | admin, 4/25/25-7/25/25 Nate Cavanaugh |
| Note: | A shared service which processes payrolls for Interior, but also DOJ, Treasury, DHS, the Air Force, Nuclear Regulatory Commission and other agencies. Covers about half of federal personnel. |
| DOGE Project: | Anti-Personnel |
| System Access: | eOPF |
| : | admin, 4/25/25-7/25/25 Nate Cavanaugh |
| Note: | An system for government employees to access their personnel files electronically. These are updated when staff receive changes in salary or duty station or title, or receive performance reviews. |
| DOGE Project: | Anti-Personnel |
Access Revoked:
Justin Fox has basic access revoked for 2 systems at NLRB.
Access Revoked:
Justin Fox has basic access revoked for 2 systems at NLRB.
| System Access: | FPPS: Federal Personnel Payroll System |
| : | read, 4/25/25-7/25/25 Justin Fox |
| Note: | A shared service which processes payrolls for Interior, but also DOJ, Treasury, DHS, the Air Force, Nuclear Regulatory Commission and other agencies. Covers about half of federal personnel. |
| DOGE Project: | Anti-Personnel |
| System Access: | eOPF |
| : | read, 4/25/25-7/25/25 Justin Fox |
| Note: | An system for government employees to access their personnel files electronically. These are updated when staff receive changes in salary or duty station or title, or receive performance reviews. |
| DOGE Project: | Anti-Personnel |
Offboarding:
Justin Aimonetti ends detailed position at NLRB
Offboarding:
Justin Aimonetti ends detailed position at NLRB
| GSA Detailed To: NLRB Justin Aimonetti 4/16/25-7/25/25 | |
| Source: | The Authors Guild/American Council of Learned Societies v. National Endowment for the Humanities, doc 248-2 Court Document, 3/06/26 |
| Note: | Mentioned by Justin Fox as working with other NLRB DOGE staff, but not listed by GAO as detailed there, so maybe not |
Offboarding:
Nate Cavanaugh ends detailed position at NLRB
Offboarding:
Nate Cavanaugh ends detailed position at NLRB
| GSA Detailed To: NLRB Nate Cavanaugh 4/16/25-7/25/25 | |
| Source: | DOGE: National Labor Relations Board Detailees Did Not Access IT Systems Between April 16 and July 25, 2025 Government Accountability Office, 4/28/26 |
| Source: | Labor Board’s DOGE Detailees Connected to Agency Take Downs Bloomberg Law, 4/21/25 |
| Source: | The Authors Guild/American Council of Learned Societies v. National Endowment for the Humanities, doc 248-2 Court Document, 3/06/26 |
| Note: | Spotted by media |
Offboarding:
Justin Fox ends detailed position at NLRB
Offboarding:
Justin Fox ends detailed position at NLRB
| GSA Detailed To: NLRB Justin Fox 4/16/25-7/25/25 | |
| Source: | DOGE: National Labor Relations Board Detailees Did Not Access IT Systems Between April 16 and July 25, 2025 Government Accountability Office, 4/28/26 |
| Source: | Labor Board’s DOGE Detailees Connected to Agency Take Downs Bloomberg Law, 4/21/25 |
Offboarding:
The DOGE staff detailed to NLRB end their detail at the agency. During the entire time, they never picked up their work laptops nor did they access 2 systems they were authorized for. That access is revoked.
Offboarding:
The DOGE staff detailed to NLRB end their detail at the agency. During the entire time, they never picked up their work laptops nor did they access 2 systems they were authorized for. That access is revoked.
| Source: | DOGE: National Labor Relations Board Detailees Did Not Access IT Systems Between April 16 and July 25, 2025 Government Accountability Office, 4/28/26 |
| Agency: | NLRB |
| DOGE Project: | Anti-Personnel |
4/28/26
Oversight:
The Government Accountability Office releases a report of an investigation in DOGE activities at the agency. It found that GSA detailed two staffers to NLRB and they did not access any agency IT systems there. It does also mention that a whistleblower reported illegal access in March 2025, but that is being investigated by the agency Inspector General
Oversight:
The Government Accountability Office releases a report of an investigation in DOGE activities at the agency. It found that GSA detailed two staffers to NLRB and they did not access any agency IT systems there. It does also mention that a whistleblower reported illegal access in March 2025, but that is being investigated by the agency Inspector General
| Source: | DOGE: National Labor Relations Board Detailees Did Not Access IT Systems Between April 16 and July 25, 2025 Government Accountability Office, 4/28/26 |
| Agency: | NLRB |