National Labor Relations Board
DOGE first arrived at this relatively small and independent agency that ensures that the union rights of workers are protected at the end of February, and they quickly proceeded to do the same scuttling of contracts and termination of employees that they have tried at other agencies under the guide of “IT modernization.” However, it appears they also tried to remove sensitive data from the agency, and thanks to a whistleblower, we are now able to see some sophisticated attacks that were made against IT resources at the agency.
People
Information: Click items to expand
| Source: | The Authors Guild/American Council of Learned Societies v. National Endowment for the Humanities, doc 248-2 Court Document, 3/06/26 |
Detailed From:
Offboarding:
Left govt 8/06/25 (reported)
Detailed From:
Offboarding:
Left govt 8/06/25 (reported)
| Source: | Labor Board’s DOGE Detailees Connected to Agency Take Downs Bloomberg Law, 4/21/25 |
| Source: | The Authors Guild/American Council of Learned Societies v. National Endowment for the Humanities, doc 248-2 Court Document, 3/06/26 |
| Source: | Labor Board’s DOGE Detailees Connected to Agency Take Downs Bloomberg Law, 4/21/25 |
Events
1/27/25
Disruption:
President Trump illegally fires the National Labor Relations Board (NLRB) Chair Gwynne Wilcox and General Counsel Jennifer Abruzzo from the agency’s board. This leaves the agency without quorum to act.
Disruption:
President Trump illegally fires the National Labor Relations Board (NLRB) Chair Gwynne Wilcox and General Counsel Jennifer Abruzzo from the agency’s board. This leaves the agency without quorum to act.
| Source: | Project 2025: Elon Musk’s attack on the Department of Labor Fulcrum News, 3/04/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
2/20/25
Disruption:
Employees at the NLRB are alarmed to see that DOGE has claimed on its website that it has cancelled the lease for their office in Buffalo, NY.
Disruption:
Employees at the NLRB are alarmed to see that DOGE has claimed on its website that it has cancelled the lease for their office in Buffalo, NY.
| Source: | How DOGE's Sketchy 'Wall Of Receipts' Set Off Panic Inside A Federal Agency The Huffington Post, 2/20/25 |
| Agency: | NLRB |
| DOGE Project: | Spending |
c.2/24/25
Sighting:
Staffers at the NLRB are informed that DOGE will be arriving at the agency the following week and that they have questions about the agency’s network architecture.
Sighting:
Staffers at the NLRB are informed that DOGE will be arriving at the agency the following week and that they have questions about the agency’s network architecture.
| Question: | Fuzz: The testimony only mentions that this communication happened sometime during that week |
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
2/28/25
Disruption:
After a journalist posts info that Jordan Wick’s github profile is public, a staffer an NLRB notices a project of his named NxGenBdoorExtract. The name seems to indicate it’s a tool for exfiltrating data from a sensitive NLRB system named NxGen.
Disruption:
After a journalist posts info that Jordan Wick’s github profile is public, a staffer an NLRB notices a project of his named NxGenBdoorExtract. The name seems to indicate it’s a tool for exfiltrating data from a sensitive NLRB system named NxGen.
| Person: | Jordan Wick |
| Source: | A whistleblower's disclosure details how DOGE may have taken sensitive labor data National Public Radio, 4/15/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
3/03/25
Detailed To:
Detailed To:
| GSA Detailed To: NLRB Justin Aimonetti 3/03/25 | |
| Source: | The Authors Guild/American Council of Learned Societies v. National Endowment for the Humanities, doc 248-2 Court Document, 3/06/26 |
System Access:
The NLRB Assistant CIO conveys instructions that there are to be no logs or records made of accounts that are created for DOGE staff and they are to be given “tenant”-level accounts with read/write/admin for all systems as part of their auditing work. This level of access exceed existing permissions that would normally be used by auditors.
System Access:
The NLRB Assistant CIO conveys instructions that there are to be no logs or records made of accounts that are created for DOGE staff and they are to be given “tenant”-level accounts with read/write/admin for all systems as part of their auditing work. This level of access exceed existing permissions that would normally be used by auditors.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
Sighting:
A black SUV and police escort bring DOGE staff to the NLRB. The DOGE staff weren’t introduced and didn’t interact with IT staff directly.
Sighting:
A black SUV and police escort bring DOGE staff to the NLRB. The DOGE staff weren’t introduced and didn’t interact with IT staff directly.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
3/04/25
Disruption:
NLRB network staff notice the existence of an anomalous container on their network that could be performing unauthorized actions. Its storage tokens have been expired, deterring analysis of what resources it might have accessed.
Disruption:
NLRB network staff notice the existence of an anomalous container on their network that could be performing unauthorized actions. Its storage tokens have been expired, deterring analysis of what resources it might have accessed.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
3/05/25
Disruption:
NLRB network staff discover that a security tool for watching network traffic within their cloud environment was manually deactivated and was not logging the creation of new network nodes.
Disruption:
NLRB network staff discover that a security tool for watching network traffic within their cloud environment was manually deactivated and was not logging the creation of new network nodes.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
Disruption:
A NLRB network staffer notices a large spike in outgoing network traffic from their network with no corresponding incoming traffic (as might be the case for web traffic hitting the website). He also sees a surge in DNS requests which might be used to hide tunnels for stealing data.
Disruption:
A NLRB network staffer notices a large spike in outgoing network traffic from their network with no corresponding incoming traffic (as might be the case for web traffic hitting the website). He also sees a surge in DNS requests which might be used to hide tunnels for stealing data.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
3/06/25
Disruption:
NLRB network staff an account a DOGE-specific name DogeSA_2d5c3e0446f9@nlrb.microsoft.com that was recently created and then deleted. It seems to have been configured to allow automated scripts to access NLRB’s cloud.
Disruption:
NLRB network staff an account a DOGE-specific name
DogeSA_2d5c3e0446f9@nlrb.microsoft.com that was recently created and then deleted. It seems to have been configured to allow automated scripts to access NLRB’s cloud.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
Disruption:
After various users reported login problems to the service desk, networking staff at NLRB discover that certain conditional access policies had been updated without their awareness. This change was later confirmed to not be the result of any scheduled maintenance.
Disruption:
After various users reported login problems to the service desk, networking staff at NLRB discover that certain conditional access policies had been updated without their awareness. This change was later confirmed to not be the result of any scheduled maintenance.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
3/07/25
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
Disruption:
Networking staff at NLRB discovered that 3 Github libraries were downloaded in the prior 30 days by DOGE staff at the agency which could be used for scraping high volumes of data and obscuring the source requests.
Disruption:
Networking staff at NLRB discovered that 3 Github libraries were downloaded in the prior 30 days by DOGE staff at the agency which could be used for scraping high volumes of data and obscuring the source requests.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
3/11/25
Disruption:
NLRB networking staff notice another surge in system utilization for the NxGen system. This coincides with multiple attempts to connect to the system from an IP address in Russia. Alarmingly, the Russian access is attempting to use an account that was created only 15 minutes earlier by DOGE engineers at the agency.
Disruption:
NLRB networking staff notice another surge in system utilization for the NxGen system. This coincides with multiple attempts to connect to the system from an IP address in Russia. Alarmingly, the Russian access is attempting to use an account that was created only 15 minutes earlier by DOGE engineers at the agency.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
3/13/25
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
3/19/25
Disruption:
NLRB networking staff observe a spike in billing records from their cloud provider which are seemingly related to systems that are no longer in operation. These likely indicate resources that were short-lived or deleted to cover up tracks.
Disruption:
NLRB networking staff observe a spike in billing records from their cloud provider which are seemingly related to systems that are no longer in operation. These likely indicate resources that were short-lived or deleted to cover up tracks.
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
c.3/24/25
| Question: | Fuzz: Source mentions it was on or about this date |
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | CISA, NLRB |
| DOGE Project: | Impunity |
4/04/25
| Source: | Disclosure of Cyber Security Breach and Data Exfiltration through DOGE Systems and Whistleblower/Witness Intimidation Whistleblower Aid, 4/25/25 |
| Agency: | CISA, NLRB |
| DOGE Project: | Impunity |
4/14/25
Disruption:
On the day that NPR published a story with the claims of a whistleblower at the NLRB, the Deputy CIO of the agency, Eric Mark, suspends administrative access for all employees, locking the IT staff out of their ability to continue monitoring DOGE’s actions at the agency.
Disruption:
On the day that NPR published a story with the claims of a whistleblower at the NLRB, the Deputy CIO of the agency, Eric Mark, suspends administrative access for all employees, locking the IT staff out of their ability to continue monitoring DOGE’s actions at the agency.
| Source: | Whistleblower: DOGE Siphoned NLRB Case Data Krebs on Security, 4/21/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
4/16/25
Detailed To:
Detailed To:
| GSA? Detailed To: NLRB Nate Cavanaugh 4/16/25 | |
| Source: | Labor Board’s DOGE Detailees Connected to Agency Take Downs Bloomberg Law, 4/21/25 |
| Source: | The Authors Guild/American Council of Learned Societies v. National Endowment for the Humanities, doc 248-2 Court Document, 3/06/26 |
| Note: | Spotted by media |
| GSA? Detailed To: NLRB Justin Fox 4/16/25 | |
| Source: | Labor Board’s DOGE Detailees Connected to Agency Take Downs Bloomberg Law, 4/21/25 |
Sighting:
Justin Fox and Nate Cavanaugh are reportedly detailed from the GSA to work at the NLRB over the next few months.
Sighting:
Justin Fox and Nate Cavanaugh are reportedly detailed from the GSA to work at the NLRB over the next few months.
| Person: | Justin Fox, Nate Cavanaugh |
| Source: | Labor Board’s DOGE Detailees Connected to Agency Take Downs Bloomberg Law, 4/21/25 |
| Agency: | NLRB |
5/15/25
Oversight:
The NLRB confirms that its Inspector General is looking into the allegations of improper network access and data theft by DOGE.
Oversight:
The NLRB confirms that its Inspector General is looking into the allegations of improper network access and data theft by DOGE.
| Source: | National Labor Relations Board watchdog investigating DOGE, potential data breach FedScoop, 5/15/25 |
| Agency: | NLRB |
| DOGE Project: | Impunity |
6/16/25
Oversight:
The top Democrat on the House Oversight Committee sends a letter to Microsoft requesting access and information about Jordan Wick’s now-private Github account, specifically requesting to see details about the NxGenBdoorExtract program.
Oversight:
The top Democrat on the House Oversight Committee sends a letter to Microsoft requesting access and information about Jordan Wick’s now-private Github account, specifically requesting to see details about the NxGenBdoorExtract program.
| Source: | Top House Democrat asks Microsoft about DOGE code allegedly tied to NLRB data removal National Public Radio, 6/16/25 |
| Agency: | NLRB |