 "Representational Image - FP")
A hacker who breached a communications service used by former Trump national security adviser Mike Waltz earlier this month also intercepted messages from dozens of other US government officials, according to a review of leaked data by Reuters. The breach raises new concerns about data security across federal agencies.
Reuters identified more than 60 US government personnel using the messaging platform TeleMessage, which is designed to make apps like Signal compliant with official archiving requirements. The leaked messages, shared by the nonprofit Distributed Denial of Secrets, covered a roughly 24-hour period ending on May 4. The data included messages linked to officials in the Secret Service, Federal Emergency Management Agency (FEMA), US Customs and Border Protection, and even one White House staffer.
While most of the intercepted messages were fragmentary and no classified information was found, some communications referenced the travel schedules of senior US officials. One Signal group chat appeared to coordinate a presidential visit to the Vatican, while another discussed a trip to Jordan.
Platform goes dark after leak
The breach became public after an April 30 photograph showed Waltz using TeleMessage during a cabinet meeting. The platform went offline on May 5, with its parent company Smarsh citing “an abundance of caution.” Smarsh, based in Portland, Oregon, did not respond to requests for comment.
The White House acknowledged awareness of the cybersecurity incident but declined to elaborate. FEMA said it had “no evidence” its data was compromised, though it did not respond when presented with what appeared to be internal agency messages. The Department of Homeland Security, which oversees FEMA, the Secret Service, and CBP, also did not comment. CBP confirmed that it had disabled TeleMessage and launched an investigation. The State Department did not respond.
Security experts warn of metadata risks
Although the content of many messages appeared mundane, cybersecurity experts said the real danger may lie in the metadata— details about who communicated, when, and in what context. Jake Williams, a former National Security Agency cyber specialist, said such information alone can present a “top-tier intelligence access” opportunity.
The Centers for Disease Control and Prevention, which previously tested TeleMessage, said it ultimately chose not to use the platform, citing records management concerns.
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a notice following the hack urging agencies to stop using the platform unless Smarsh provides new security guidance.
Impact Shorts
More ShortsQuestions remain about Waltz’s use
Waltz had previously drawn scrutiny for using Signal during real-time discussions about military action in Yemen, mistakenly adding a journalist to a group chat. The incident led to his departure from the national security post, though he was later nominated by President Donald Trump to serve as U.S. ambassador to the United Nations.
Neither Waltz nor the White House has commented on the circumstances of his use of TeleMessage or the latest breach.
With inputs from agencies