Hacker Steals Data From US Government Through App Used By Trump Aide
A recent breach of the communications service used by former Trump national security adviser Mike Waltz has raised questions about data security in the Trump administration. A hacker who breached TeleMessage, a messaging platform used by government officials, intercepted messages from over 60 unique government users, including disaster responders, customs officials, and White House staff.
According to Reuters, the breach occurred earlier this month and was discovered when the platform went offline "out of an abundance of caution." The owner of TeleMessage, Smarsh, has not responded to requests for information about the leaked data. The White House has acknowledged the incident but did not provide details on its use of the platform.
Reuters identified more than 60 unique government users of TeleMessage in a cache of leaked data provided by Distributed Denial of Secrets, a U.S. nonprofit that archives hacked and leaked documents in the public interest. The trove included material from disaster responders, customs officials, several U.S. diplomatic staffers, at least one White House staffer, and members of the Secret Service.
The messages reviewed by Reuters covered a roughly day-long period of time ending on May 4, and many of them were fragmentary. However, in more than half a dozen cases, the news agency was able to establish that the phone numbers in the leaked data were correctly attributed to their owners. One financial services firm whose messages were intercepted confirmed the authenticity of the leak.
A FEMA applicant for aid who received one of the intercepted texts confirmed to Reuters that the message was authentic. A financial services firm, whose messages were similarly intercepted, also confirmed their authenticity.
Based on its limited review, Reuters uncovered nothing that seemed clearly sensitive and did not uncover chats by Waltz or other cabinet officials. Some chats did seem to bear on the travel plans of senior government officials. One Signal group, "POTUS | ROME-VATICAN | PRESS GC," appeared to pertain to the logistics of an event at the Vatican.
Another Signal group discussed U.S. officials' trip to Jordan. Reuters reached out to all the individuals it could identify seeking confirmation but some confirmed their identities while most didn't respond or referred questions to their respective agencies.
The Service Behind the Breach
TeleMessage is a messaging platform that takes versions of popular apps and allows their messages to be archived in line with government rules. The service has been suspended since May 5, when it went offline "out of an abundance of caution." TeleMessage's owner, Smarsh, did not respond to requests for information about the leaked data.
Federal contracting data shows that State and DHS have had contracts with TeleMessage in recent years, as has the Centers for Disease Control. The CDC piloted the software in 2024 to assess its potential for records management requirements "but found it did not fit our needs," a spokesperson told Reuters.
The Consequences of the Breach
A week after the hack, the U.S. cyber defense agency CISA recommended that users "discontinue use of the product" barring any mitigating instructions about how to use the app from Smarsh. Jake Williams, a former National Security Agency cyber specialist, said that even if the intercepted text messages were innocuous, the wealth of metadata - the who and when of the leaked conversations and chat groups - posed a counterintelligence risk.
"Even if you don't have the content, that is a top-tier intelligence access," Williams said. "It's not just about the content; it's about what that content says about your adversaries and their intentions."
The Circumstances Surrounding Waltz's Use of TeleMessage
Waltz's prior use of Signal created a public furor when he accidentally added a prominent journalist to a Signal chat where he and other Trump cabinet officials were discussing air raids on Yemen in real time. Soon after, Waltz was ousted from his job.
The circumstances surrounding Waltz's use of TeleMessage have not been publicly disclosed and neither he nor the White House has responded to questions about the matter.