Starlink, the White House, and the Data Breach Few Are Talking About

How a rogue satellite network quietly routed sensitive government data beyond federal oversight, and why the agency behind it is now inside the IRS and Social Security.

Jun 12, 2025

In some government buildings, you are not allowed to enter with your phone, and for good reason: sensitive information demands strict control.

And yet earlier this year, DOGE installed a private satellite internet network just steps from the West Wing. It wasn’t authorized by White House IT. It wasn’t routed through secure federal channels, and it wasn’t logged.

That network, powered by Elon Musk’s Starlink system, quietly facilitated the transfer of unknown quantities of data out of the White House campus, completely unmonitored and completely unaccounted for.

More disturbing still, a similar Starlink setup was tied to a security breach at another federal agency, where foreign login attempts were recorded within minutes of DOGE-linked credentials being created.

We don’t know what data was taken. We don’t know who accessed it. And, four months later, we still don’t know whether the breach ever stopped.

We just hit 15,000 subscribers—thank you!

Get exclusive access for just $1/week or $52 a year.

Get exclusive analysis and fearless reporting you won’t find in corporate media.

What We Know

In February 2025, a Starlink terminal was installed on the roof of the Eisenhower Executive Office Building, part of the White House complex. It was managed by the Department of Government Efficiency (DOGE), a Musk-linked office.

The terminal broadcast a wireless network labeled “Starlink Guest.” It allowed internet access to government laptops, personal devices, and visiting systems, without routing traffic through federal VPNs or firewalls.

By mid-March, whistleblowers reported large data transfers from devices connected to the Starlink Guest network. These were unlogged and invisible to federal cybersecurity monitors.

In April, a similar Starlink system deployed at the National Labor Relations Board (NLRB) triggered an even more severe alert: logs were erased, malware was detected, and login attempts from a Russian IP address using valid credentials were blocked solely due to location restrictions.

The full scale of the breach is still unknown. However, the evidence suggests that this was not an isolated incident but rather a systemic problem.

Why It’s Dangerous

The Starlink network required only a password, no device validation, no username, and no multi-factor authentication (MFA). White House–issued laptops connected to it, bypassing the mandatory VPN tunnel and federal logging infrastructure.

This is not how government devices are supposed to work. At virtually every level of government, access to internal programs and files is gated behind secure VPNs and authentication firewalls.

For that protocol to fail here means one of three things:

The data wasn’t stored securely and was instead kept in local or cloud-accessible environments.
Security configurations were mismanaged or disabled, allowing staff members to connect to unauthorized networks.
Someone actively altered security settings to enable the bypass.

No matter the cause, the result is the same: sensitive government devices linked to a private, unmonitored ISP inside the Executive Branch. That’s not just a violation of protocol. It’s an open door for espionage.

The NLRB Incident

In early March, whistleblower Daniel Berulis detected a 10 GB spike in outbound data from NLRB systems, tied to new DOGE-created user accounts. Around the same time, monitoring tools and logs were disabled.

Then, within minutes, the system recorded login attempts from a Russian IP address, using correct usernames and passwords. The only thing that prevented access was a location-based block, not invalid credentials.

A significant data transfer. Logging disabled. A near-immediate foreign login attempt. It fits the profile of a breach, cover-up, and attempted exploitation, enabled by the same Starlink infrastructure seen at the White House.

The Bigger Pattern

What happened at the White House and the NLRB isn’t just a pair of missteps; it’s a revealing look at a systemic strategy. The same tactics reappear in both places: off-grid satellite internet, unmonitored access, federal devices connected to private networks, and security logs mysteriously wiped before anyone could review what happened. Then, in the aftermath, credentialed login attempts from foreign IPs.

This wasn’t a coincidence. It was a repeatable model, a shadow infrastructure inserted directly into federal spaces. It raises an unavoidable question: if it was done at the White House and the NLRB, where else has it been done? How many other agencies have similar terminals, or unknowingly allowed personnel linked to DOGE to sidestep security in the same way?

We don’t yet have those answers, because no one is forcing them.

The Discomforting Silence

Despite the implications—data transferred without authorization, foreign login attempts using real credentials, and disabled logs inside the Executive Office—coverage of the breach has remained limited. While outlets like The Washington Post, NPR, and The Guardian have reported pieces of the story, the national media at large has largely avoided confronting the pattern or asking the hard follow-up questions.

Meanwhile, the Starlink terminal remains in place. The White House has made no public statement. No audit results have been released, and the federal IT community tasked with securing these systems has been kept in the dark.

It’s a dangerous silence, not just because the public deserves answers, but because it signals to bad actors, both foreign and domestic, that unauthorized access can happen without consequence, so long as it’s cloaked in bureaucracy.

Share The Coffman Chronicle

The Legal & Institutional Shield Around DOGE

If the technical breaches exposed the vulnerability of federal systems, recent legal decisions have exposed an even deeper problem: there may be no meaningful oversight left.

On June 6, the U.S. Supreme Court cleared the way for DOGE to access Social Security records, including highly sensitive personal and medical data. On the same day, the same court also granted a stay on a transparency lawsuit seeking to force disclosure of DOGE’s internal operations, effectively sealing its actions from public view.

Even more alarming, in February, DOGE began integrating with the IRS’s most sensitive databases, including the Integrated Data Retrieval System. That system houses the financial lives of millions of Americans, including bank info, tax returns, addresses, and identities.

In other words, DOGE now has legally protected access to some of the most powerful data repositories in the country, while simultaneously operating beyond the reach of oversight or the Freedom of Information Act (FOIA).

The same organization that oversaw off-the-books satellite networks and credential breaches is now inside the IRS, Social Security, and other agencies and legally shielded from scrutiny.

At least since mid-March, a covert Starlink link inside the White House has facilitated unmonitored data transfers. The same network design was also observed at the NLRB, where foreign actors nearly breached federal systems.

Since then:

DOGE has been legally cleared to access Social Security and IRS records.
The public has been legally blocked from examining its operations.
Not a single agency has publicly confirmed that the breach has been contained.

What Must Happen Now

Immediate disconnection of all DOGE-installed Starlink systems on federal property.
Instant cessation of all DOGE activity in every federal agency.
Independent investigations into DOGE’s presence at all federal agencies.
Mandatory disclosure of all DOGE deployments, network traffic, and credential provisioning.
Prosecution and removals: If anyone at DOGE facilitated, concealed, or profited from unauthorized access, they must face legal and professional consequences.
Permanent policy bans on third-party ISP access and personal devices within executive offices.

This is not a scandal. This is a failure of structural security and oversight. The breach may have happened. However, failing to act now would be a breach of duty.

Some might say the damage is already done. DOGE has had months inside Social Security, the IRS, and agencies across the federal system. We’ve seen what they do with Starlink: disable the logs, route around the firewalls, and expose credentials. There’s no reason to believe other agencies are any more secure.

That doesn’t mean we stop asking questions. It means we start asking harder ones, and demanding consequences, not just investigations.