A federal judge has issued a preliminary injunction against the Department of Government Efficiency (DOGE), ordering it to cease all access to Social Security Administration (SSA) data and to delete any non-anonymized information it has obtained. The decision comes amid a series of serious whistleblower allegations involving unauthorized access to federal systems and foreign login attempts originating from Russia.
What Happened?
The whistleblower, Daniel Berulis, a senior DevSecOps architect at the National Labor Relations Board (NLRB) and former TS/SCI clearance holder, submitted a formal complaint to Congress. His testimony, corroborated by technical evidence, outlines a disturbing pattern of:
- Unauthorized DOGE activity within NLRB systems
- Data exfiltration to unknown servers, potentially domestic and foreign
- Near real-time Russian login attempts using newly created DOGE credentials
- Physical intimidation involving drone surveillance and a threat note
Berulis’ disclosure was submitted through Whistleblower Aid, a nonprofit legal organization that protects individuals reporting federal misconduct.
Federal Court Ruling
On April 17, 2025, a U.S. District Court ruled that DOGE had:
- No sufficient legal basis to access SSA systems
- Breached basic data privacy protocols
- Potentially enabled foreign access points through credential mismanagement
The ruling mandates DOGE to:
- Remove all installed software or agents from SSA infrastructure
- Delete all collected personal data, unless anonymized
- Refrain from any further system interactions, pending investigation
Key Legal Violations
The whistleblower’s legal team argues DOGE’s actions regarding the Social Security data may violate several federal statutes and standards:
- Federal Information Security Modernization Act (FISMA)
- The Privacy Act of 1974
- CISA and NIST cybersecurity frameworks, which govern secure government data handling
Berulis provided Exhibit A, a sworn declaration, and Exhibit B, screenshots showing unusual login behavior shortly after DOGE-created credentials were issued followed by attempted logins from IP addresses located in Russia.
Physical Threat Raises Alarms
In addition to the cybersecurity breach, Berulis also reported a threatening note taped to his door, accompanied by drone-captured photos of him walking in his neighborhood. The note directly referenced his planned disclosure.
“This meat space action where a threat was physically delivered to my client’s home is absolutely disturbing,” the legal team stated in the filing. The incident has been reported to law enforcement.
Implications for National Security
This case raises broader questions about:
- Internal oversight within federal modernization programs
- Chain of custody for sensitive data
- Real-time foreign access risks, especially involving Social Security and labor agency systems
- Potential vulnerabilities introduced through unauthorized or opaque software installations
The involvement of Russian login attempts within minutes of credential creation significantly raises the stakes and may prompt further investigation from intelligence agencies.
SSA, NLRB, and DOJ Reactions
As of now, the SSA has not released a public statement, but sources close to the matter confirm a top-down audit of third-party software access is underway.
Congressional committees on Oversight and Health, Education, Labor and Pensions have acknowledged receipt of Berulis’ whistleblower report and are reviewing the matter.
The Department of Justice has not confirmed whether a criminal investigation is in progress, but multiple officials are reportedly “monitoring the situation closely.”
Timeline of Key Events
|
Date |
Event |
|
Feb–Mar 2025 |
DOGE creates user credentials within NLRB systems |
|
Mar 2025 |
Login attempts from Russia observed immediately post-creation |
|
April 7, 2025 |
Whistleblower receives physical threat at home |
|
April 14, 2025 |
Disclosure submitted to Congress |
|
April 17, 2025 |
Federal judge issues injunction blocking DOGE from SSA access |
The judge’s injunction marks a critical legal and operational setback for the Department of Government Efficiency, raising red flags about cybersecurity protocols across federal systems. The SSA, which manages data for nearly 70 million Americans, is now under increased scrutiny for how third-party access was approved without a documented legal basis.
Who’s the whistleblower?
Daniel Berulis — a senior DevSecOps architect at the National Labor Relations Board (NLRB), formerly with TS/SCI clearance.
He just told Congress the Department of Government Efficiency (DOGE) pulled off a covert cyber op inside a federal agency. pic.twitter.com/8hhVdSC5hU
— Matt Johansen (@mattjay) April 18, 2025
As investigations continue, this case is expected to become a litmus test for data privacy and national cybersecurity accountability in the post-COVID federal digital transformation era.
