Report to Congressional Requesters
United States Government Accountability Office
A report to congressional requesters
Contact: Marisol Cruz Cain at CruzCainM@gao.gov
What GAO Found
The National Labor Relations Board (NLRB) administers and enforces the National Labor Relations Act. The Act encourages the practice of collective bargaining, protects the rights of employees in this area, and seeks to eliminate unfair labor practices. To do so, the Board relies on a host of IT systems to carry out its functions, including seven human resources systems.
According to NLRB officials, the United States DOGE Service (USDS) (formerly known as the United States Digital Service and now commonly referred to as DOGE) first contacted them on April 15, 2025. Subsequently, USDS staff met with NLRB’s Chairman, Acting General Counsel, and other senior Board leaders on April 16, 2025. That same day, NLRB entered into agreements for two General Services Administration employees to be detailed to NLRB as DOGE team staff. The agreements expired on July 25, 2025.
The DOGE team requested access to NLRB systems but did not use them. Specifically, both DOGE team staff requested access to all seven of the Board’s human resources systems. Board staff then (1) fulfilled two of those access requests but (2) did not fulfill the other five. Specifically:
· Two fulfilled requests. According to NLRB officials, the Board created accounts on April 24, 2025, for both team members that addressed two of the seven requests for system access. However, DOGE team staff did not use the accounts to enter the systems. Specifically, as of July 25, 2025, the team staff had not picked up their NLRB laptops or activated their system accounts, according to Board officials. Accordingly, NLRB disabled the system accounts shortly after the agreements with team staff expired.
· Five requests that were not fulfilled. Requests for access to the remaining five systems were not completed because the DOGE team staff did not pick up the laptops needed for the Board to provide them with such access.
GAO found no evidence that DOGE team staff accessed any of these systems between April 16, 2025, and July 25, 2025. To determine this, GAO reviewed the sign-in activity of the logs for the DOGE team members’ accounts used to access NLRB network resources and did not identify any sign-ins during the specified timeframes.
Why GAO Did This Study
USDS was created by executive order to implement the President’s goals to maximize government efficiency by modernizing technology. The executive order also calls for the heads of executive branch agencies to establish DOGE teams that work with USDS.
On April 14, 2025, an NLRB IT staff member disclosed to Congress allegations that one or more DOGE team members arrived in March 2025 and unlawfully accessed the Board’s case management systems and allowed potential foreign actors to exfiltrate or steal data. The following day, a news outlet publicly reported on these allegations. According to NLRB, the Board’s Inspector General is investigating these allegations.
GAO was asked to review the systems and information NLRB’s DOGE team accessed at the Board. This report describes the NLRB systems that the DOGE team had been provided access to and how, if at all, the team used those systems.
To address the objective, GAO focused on DOGE team access to NLRB systems between April 16, 2025, and July 25, 2025 (start and end dates for the agreements to detail DOGE team staff to NLRB). GAO did not review DOGE team access prior to April 16, 2025, to not overlap with the NLRB Inspector General’s investigation.
GAO reviewed system access request forms and NLRB approval communications to determine the level of access that the DOGE team was authorized to receive for each system. GAO also interviewed NLRB staff regarding what level of access they provided for each system to the team. GAO reviewed NLRB sign-in activity of the logs for the accounts used to access agency network resources.
The NLRB did not have any comments on the report.
Abbreviations
DOGE Department of Government Efficiency
NLRB National Labor Relations Board
OPM Office of Personnel Management
PII personally identifiable information
USDS United States DOGE Service
This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately.
April 28, 2026
Congressional Requesters
The United States DOGE Service (USDS) was created within the Executive Office of the President by Executive Order No. 14158 on January 20, 2025.[1] The service’s mission is to implement the President’s DOGE (Department of Government Efficiency) goals to maximize government efficiency and productivity by modernizing federal technology and software.[2] The order also calls for the heads of executive branch agencies to establish DOGE teams at their respective agencies to work with USDS and advise agency heads on the implementation of the goals.[3]
In addition, agency heads are to take all necessary steps to ensure that USDS has full and prompt access to all unclassified agency records, software systems, and IT systems. The breadth of this access has led to questions about whether agency systems and their sensitive information and data may be vulnerable to unauthorized disclosure or modification.[4]
The security of these agency systems and data is vital to the economy, public confidence, and national security. In addition, many of these systems contain vast amounts of personally identifiable information (PII),[5] thus making it imperative to protect the confidentiality, integrity, and availability of these systems and their data.
Recognizing the importance of protecting federal systems and data, we have designated information security as a government-wide high-risk area since 1997.[6] In 2015, we expanded it to include protecting the privacy of PII.[7] In September 2018, we issued an update to this high-risk area that identified actions needed to address cybersecurity challenges facing the nation—including the need to better secure federal systems and information and protect privacy and sensitive data.[8]
On April 14, 2025, a National Labor Relations Board (NLRB) IT staff member disclosed to Congress allegations that one or more DOGE team members arrived in March 2025 and unlawfully accessed the Board’s case management systems and allowed potential foreign actors to exfiltrate or steal data. The following day, a news outlet publicly reported on these allegations.[9] According to NLRB, the Board’s Inspector General is investigating these allegations.
According to NLRB officials, USDS first contacted them on April 15, 2025. Subsequently, USDS staff met with NLRB’s Chairman, Acting General Counsel, and other senior Board leaders on April 16, 2025. That same day, NLRB entered into agreements for two General Services Administration employees to be detailed to NLRB as DOGE team staff through July 25, 2025.
We were asked to review the systems and information NLRB’s DOGE team accessed at the Board. This report describes the NLRB systems that the DOGE team had been provided access to and how, if at all, the team used those systems.
To address our objective, we focused on DOGE team access to NLRB systems between April 16, 2025, and July 25, 2025 (the start and end dates for the agreement to detail DOGE team staff to NLRB).[10] We did not review DOGE team access prior to April 16, 2025 to not overlap with the NLRB Inspector General’s investigation.
We reviewed system access request forms and NLRB approval communications to determine the level of access that the DOGE team was authorized to receive for each system. We then interviewed NLRB staff regarding what level of access they provided for each system to the DOGE team.[11] In addition, we reviewed the sign-in activity of the logs for the DOGE team members’ primary accounts used to access NLRB network resources.[12]
We conducted this performance audit from April 2025 to April 2026 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.
Background
Work stoppages and labor strife can have a significant effect on the U.S. economy. Recognizing the consequences of these issues, Congress created the NLRB as an independent federal agency in 1935. The Board administers and enforces the National Labor Relations Act, which encourages the practice of collective bargaining, protects the rights of employees in this area, and seeks to eliminate unfair labor practices.[13]
NLRB’s two primary functions are to (1) prevent employers and unions from engaging in unfair labor practices and (2) conduct secret-ballot elections among employees to determine whether they wish to be represented by a union (representation cases).[14] NLRB is headed by a five-member Board and General Counsel.
· Each Board member is appointed by the President and confirmed by the Senate for a term of 5 years, with the term of one member expiring each year. The Board primarily acts as a quasi-judicial body to decide unfair labor practice and representation cases. The Board issues several hundred decisions each year.
· NLRB’s General Counsel is appointed by the President and confirmed by the Senate for a term of 4 years. The General Counsel is independent from the Board and is responsible for investigating and prosecuting unfair labor practice cases. In addition, the General Counsel provides general legal and administrative supervision of NLRB regional and headquarters offices in the processing of unfair labor practice cases, as well as represents the Board in court.
NLRB Relies on IT to Carry out its Mission
Like other federal agencies, NLRB relies on a host of IT systems to carry out its functions. For example, the Board relies on the following six human resources systems that are managed by the Department of the Interior (Interior) and Office of Personnel Management (OPM) as shared services for other agencies to use:
· NLRB uses Interior’s Federal Personnel and Payroll System to (1) maintain and track employee personnel records, to include the initiation and processing of personnel and pay-related actions and (2) perform queries, generate reports, and access dashboards on employee data.
· The Board relies on OPM’s Electronic Official Personnel Folders to provide employees with access to their employment records.
· NLRB uses OPM’s USA Staffing System to help manage its process for hiring Board staff.
· The Board relies on OPM’s USA Performance System to help manage its process for conducting performance appraisals of staff.
· NLRB uses Interior’s Workforce Transformation Tracking System to help create and track the Board’s staffing vacancies.
· The Board relies on Interior’s QuickTime to collect time and attendance reports from its staff.
In addition, NLRB uses a contractor-operated system referred to as the Government Retirement and Benefits platform to provide federal retirements and benefits specialists with the tools to perform their day-to-day job (e.g., preparing service histories, creating retirement estimate reports).
NLRB’s DOGE Team
On April 16, 2025, NLRB entered into agreements for two General Services Administration employees to be detailed to NLRB as DOGE team staff.[15] According to the agreements, this detail assignment would aid the General Services Administration’s responsibility to improve the quality and efficiency of government-wide IT systems. In addition, the detailees’ duties and responsibilities as DOGE team staff at NLRB included:
· supporting the leadership team with the assessment and enhancement of internal processes and operational procedures,
· focusing on identifying inefficiencies and areas for improvement, and
· ensuring that the administrative and programmatic functions align with the best practices for effectiveness and accountability.
Further, the agreements stated that the DOGE team staff
were to report to Board leadership and their supervisor was the NLRB Chairman.
The agreements expired on July 25, 2025.
The DOGE Team Requested Access to Several NLRB Systems but Did Not Use Them
Both DOGE team staff (hereinafter referred to as employee A and employee B) requested access to all seven of the Board’s human resources systems. Board staff completed two of those system requests, but did not complete the other five because the DOGE team staff did not pick up their NLRB laptops and complete the steps needed to fulfill those requests. In addition, we found no evidence that the DOGE team staff accessed any systems between April 16, 2025, and July 25, 2025, the end date of their agreements.
The following provides more details on (1) the two completed requests and (2) the other five requests that were not completed.
Two completed requests. According to NLRB officials, the Board created accounts for accessing NLRB network resources on April 24, 2025, for both team staff. The DOGE team staff also requested that these accounts be given access to each of the seven human resources systems. According to NLRB officials, the agency approved two of the seven requests for system access. See table 1 for descriptions of the two systems and the level of access that was provided to the DOGE team staff in these requests.
|
System name |
Description |
Level of access for employee A |
Level of access for employee B |
|
Electronic Official Personnel Folders |
A system that provides agency staff with access to their employment records. |
Employee A was given the ability to: · search, view, and edit user profiles; · create user accounts; · configure roles and access for other employees; and · report and purge documents in the system. |
Employee B was given the ability to: · search folders, and · view, print, and download documents. Employee B’s account could not make changes to the system. |
|
Federal Personnel and Payroll System |
A system that provides human resources staff with the ability to (1) maintain and track employee personnel records, to include the initiation and processing of personnel and pay-related actions, and (2) perform queries, generate reports, and access dashboards on employee data. |
Employee A was given the ability to: · initiate and submit personnel and pay-related actions; · review, approve, or reject submitted personnel and pay-related actions; and · process, view, print, and export dashboards. Employee A’s account could not modify existing dashboards. |
Employee B was given the ability to: · view employee personnel data, and · process, view, print, and export dashboards. Employee B’s account could not · initiate personnel record actions; · review, approve, or reject personnel and pay-related actions; and · modify existing dashboards. |
Source: GAO analysis of NLRB documentation. | GAO‑26‑108774
Note: According to NLRB officials, the system accounts
were deleted in August 2025. As such, we were unable to verify the level of
access that the Board provisioned to the team members.
However, DOGE team staff did not use the accounts to enter the two systems. Specifically, as of July 25, 2025, the team staff had not picked up their NLRB laptops or activated their accounts, according to Board officials.[16] Accordingly, NLRB disabled them shortly after the agreements with team staff expired.[17] Further, we verified that DOGE team staff did not access the two systems. Specifically, we reviewed the sign-in activity of the logs for the DOGE team members’ accounts used to access NLRB network resources and verified that the team members did not log-in to these accounts.
Five requests that were not completed. Requests for access to the remaining five systems were not completed. The DOGE team staff did not pick up the laptops needed for the Board to provide them with such access, according to NLRB officials. Table 2 describes two of the five systems and the level of access detailed by DOGE team staff in these requests.
For the remaining three systems—Government Retirement and Benefits Platform, QuickTime, and USA Performance—NLRB staff explained to us that they planned to provide access based on verbal requests for access to all human resources systems.[18] Those staff added that they did not have documentation identifying the specific level of access or system role requested by the DOGE team staff for these systems.
Table 2: National Labor Relations Board (NLRB) Systems That DOGE Team Staff Requested Access to But Reportedly Did Not Receive
|
System name |
Description |
Level of access requested for employee A |
Level of access requested for employee B |
|
USA Staffing |
A system used in the federal hiring process, to include the recruitment, assessment, selection, and onboarding of candidates. |
Employee A requested access that would give the ability to: · manage USA Staffing administrative settings, and · complete all human resources user actions in every area of the system. Employee A’s request would not give the ability to adjudicate reasonable accommodation requests. |
Employee B requested access that would give the ability to view information in the system. |
|
Workforce Transformation Tracking System |
A system that helps staff create and track the Board’s staffing vacancies. |
Employee A requested access that would give them full access to the system with two limited exceptions.a |
Employee B requested access that would give the ability to view information in the system. |
Source: GAO analysis of NLRB documentation. | GAO‑26‑108774
aThe requested access would not have allowed the employee to create accounts or assign another agency to perform human resources functions at NLRB.
Agency Comments
We provided a draft of this report to NLRB for its review and comment. The Board did not have any comments on the report.
We are sending copies of this report to the appropriate congressional committees and the Chairman of the National Labor Relations Board. In addition, the report is available at no charge on the GAO website at https://www.gao.gov.
If you or your staff have any questions about this report, please contact Marisol Cruz Cain at CruzcainM@gao.gov. Contact points for our Offices of Congressional Relations and Media Relations may be found on the last page of this report.
Marisol Cruz Cain
Director,
Information Technology and Cybersecurity
List of Requesters
The Honorable Gary C. Peters
Ranking Member
Committee on Homeland Security and Governmental Affairs
United States Senate
The Honorable Alex Padilla
Ranking Member
Committee on Rules and Administration
United States Senate
The Honorable Robert C. “Bobby” Scott
Ranking Member
Committee on Education and Workforce
House of Representatives
The Honorable Robert Garcia
Ranking Member
Committee on Oversight and Government Reform
House of Representatives
The Honorable Richard J. Durbin
United States Senate
The Honorable Christopher S. Murphy
United States Senate
The Honorable Lori Trahan
House of Representatives
GAO Contact
Marisol Cruz Cain at CruzcainM@gao.gov.
In addition to the contact named above, John Bailey, Jillian Clouse, Michael Lebowitz, and Andrew Stavisky (among others) made key contributions to the report.
The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony
The fastest and easiest way to obtain copies of GAO documents at no cost is through our website. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. You can also subscribe to GAO’s email updates to receive notification of newly posted products.
Order by Phone
The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, https://www.gao.gov/ordering.htm.
Place orders by calling (202) 512-6000, toll free (866) 801-7077,
or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information.
Connect with GAO
Connect with GAO on X,
LinkedIn, Instagram, and YouTube.
Subscribe to our Email Updates. Listen to our Podcasts.
Visit GAO on the web at https://www.gao.gov.
To Report Fraud, Waste, and Abuse in Federal Programs
Contact FraudNet:
Website: https://www.gao.gov/about/what-gao-does/fraudnet
Automated answering system: (800) 424-5454
Media Relations
Sarah Kaczmarek, Managing Director, Media@gao.gov
Congressional Relations
David A. Powner, Acting Managing Director, CongRel@gao.gov
General Inquiries
[1]Exec. Order No. 14158, 90 Fed. Reg. 8,441, Establishing and Implementing the President's “Department of Government Efficiency” (Jan. 20, 2025). Specifically, the executive order established this organization by: (1) renaming the United States Digital Service as the United States DOGE Service (USDS) and (2) creating a time-limited U.S. DOGE Service Temporary Organization within the new USDS to implement the organization’s goals. The order also called for both USDS and the temporary organization to be led by a USDS Administrator who reports to the White House Chief of Staff.
[2]The executive order calls for USDS to undertake a software modernization initiative to improve the quality and efficiency of government-wide software, network infrastructure, and IT systems. In doing so, the order provides that the organization shall work with agency heads to promote interoperability between agency networks and systems, ensure data integrity, and facilitate responsible data collection and synchronization.
[3]Subsequent executive orders have assigned agency DOGE team staff with additional responsibilities, including those related to workforce optimization, deregulation, and contract and grant efficiency. Exec. Order 14210, Implementing the President’s ‘‘Department of Government Efficiency’’ Workforce Optimization Initiative, 90 Fed. Reg. 9669 (Feb. 14, 2025); Exec. Order 14219, Ensuring Lawful Governance and Implementing the President’s “Department of Government Efficiency” Deregulatory Initiative, 90 Fed. Reg. 10583 (Feb. 25, 2025); Exec. Order 14222, Implementing the President’s ‘‘Department of Government Efficiency” Cost Efficiency Initiative, 90 Fed. Reg. 11095 (Mar. 3, 2025).
[4]For example, multiple lawsuits have been filed across several federal agencies where questions were raised about USDS or agency DOGE teams’ access to federal data.
[5]PII is any information that can be used to distinguish or trace an individual’s identity, such as name, date and place of birth, or Social Security number, and other types of personal information that can be linked to an individual, such as medical, educational, financial, and employment information.
[6]For our most recent High-Risk update see, GAO, High-Risk Series: Heightened Attention Could Save Billions More and Improve Government Efficiency and Effectiveness, GAO‑25‑107743 (Washington, D.C.: Feb. 25, 2025).
[7]GAO, High-Risk Series: An Update, GAO‑15‑290 (Washington, D.C.: Feb. 11, 2015).
[8]GAO, High-Risk Series: Urgent Actions Are Needed to Address Cybersecurity Challenges Facing the Nation, GAO‑18‑622 (Washington, D.C.: Sept. 6, 2018). For our most recent update on the status of the challenges see, GAO, High-Risk Series: Urgent Action Needed to Address Critical Cybersecurity Challenges Facing the Nation, GAO‑24‑107231 (Washington, D.C.: June 13, 2024).
[9]NPR, A Whistleblower's Disclosure Details How DOGE May Have Taken Sensitive Labor Data, April 15, 2025, https://www.npr.org/2025/04/15/nx-s1-5355896/doge-nlrb-elon-musk-spacex-security (last accessed on July 31, 2025).
[10]The Board’s Inspector General is investigating allegations that one or more DOGE team members arrived in March 2025, unlawfully accessed the Board’s case management systems, and allowed potential foreign actors to exfiltrate or steal data.
[11]With the exception of the primary accounts used to access the Board’s network resources, NLRB deleted the team member accounts for system access after the agreement to detail DOGE team staff had expired and before we requested to observe the systems. As such, we were unable to verify the level of access that the Board provisioned to the team members.
[12]These accounts are used to access the other systems for which the team requested access. We took steps to verify whether DOGE team members logged in to these primary accounts.
[13]National Labor Relations Act of 1935, 29 U.S.C. §§ 151-169.
[14]All proceedings originate with the filing of charges or petitions by employees, unions, employers, or other parties in the private sector. The NLRB acts only on those charges and requests brought before it and does not initiate filings.
[15]The agreements provide that NLRB will not be required to reimburse the General Services Administration for the salary and benefits paid to the employees while on detail at NLRB.
[16]According to NLRB staff, the Board has not received further communication from the DOGE team staff or USDS to explain why they did not further engage with the Board.
[17]According to NLRB officials, the system accounts were deleted in August 2025. As such, we were unable to verify the level of access that the Board provisioned to the team members.
[18]Employee A verbally requested full access to all human resources systems and employee B orally requested “viewer” access to these systems.