TeleMessage hack exposes data from Secret Service, FEMA, White House staff, and 60+ U.S. officials

A hacker who breached the government messaging platform used by former Trump national security adviser Mike Waltz earlier this month appears to have accessed far more than originally believed. According to an exclusive report from Reuters, the breach impacted a wide range of American officials, raising fresh concerns over the security of internal communications in U.S. federal agencies.

The revelation comes just under two weeks after reports of a hacker breaching TeleMessage, an Israeli firm that creates modified versions of apps like Signal, WhatsApp, and Telegram for clients, including the U.S. government. The breach exposed archived government communications and raised new alarms about the security of official messaging platforms.

“A hacker who breached the communications service used by former Trump national security adviser Mike Waltz earlier this month intercepted messages from a broader swathe of American officials than has previously been reported,” Reuters noted.

TeleMessage, which enables message archiving to meet federal compliance standards, is used by various U.S. agencies. A leaked cache of data reviewed by Reuters—originally shared by the transparency group Distributed Denial of Secrets—revealed more than 60 identifiable government users on the platform.

Inside the TeleMessage Hack: Metadata, Missed Warnings, and National Security Gaps

The leak revealed messages from U.S. diplomats, customs officers, FEMA personnel, a White House staffer, and even members of the Secret Service. The intercepted messages cover about a 24-hour window ending May 4. While many of the messages were incomplete or mundane, some hinted at travel logistics for senior government officials. One Signal group was named “POTUS | ROME-VATICAN | PRESS GC,” pointing to a possible presidential trip.

“Reuters identified more than 60 unique government users of the messaging platform TeleMessage in a cache of leaked data provided by Distributed Denial of Secrets, a U.S. nonprofit whose stated mission is to archive hacked and leaked documents in the public interest. The trove included material from disaster responders, customs officials, several U.S. diplomatic staffers, at least one White House staffer and members of the Secret Service. The messages reviewed by Reuters covered a roughly day-long period of time ending on May 4, and many of them were fragmentary.”

TeleMessage, which is owned by Oregon-based Smarsh, has been offline since May 5. A spokesperson for the company did not respond to Reuters’ request for comment. Neither did the White House, State Department, or the Department of Homeland Security (which oversees FEMA, the Secret Service, and Customs and Border Protection). FEMA did reply but said it had “no evidence” its data was compromised—yet it didn’t comment on leaked FEMA messages when asked.

The Centers for Disease Control acknowledged it piloted TeleMessage last year but dropped it, saying the software didn’t meet its needs for records management. Public federal records confirm contracts between TeleMessage and agencies like the CDC, DHS, and State Department, though the status of those agreements is unclear.

While Reuters couldn’t confirm every detail in the leaked archive, it did manage to verify ownership of several phone numbers linked to intercepted messages. One recipient—who had applied for aid from FEMA—confirmed their message was real. A financial services firm caught in the leak did the same.

No highly sensitive messages were found in the batch reviewed. Still, cybersecurity experts are worried about something else: the metadata. Who was talking to whom, and when. That alone can give adversaries a pretty good map of official communications.

“Even if you don’t have the content, that is a top-tier intelligence access,” said Jake Williams, a former NSA cyber specialist who now leads R&D at Hunter Strategy.

TeleMessage wasn’t widely known outside of finance and some government circles until a Reuters photograph from April 30 showed Waltz checking the app—its version of Signal—during a cabinet meeting. The image triggered media attention and renewed interest in how U.S. officials communicate in closed circles.

This isn’t the first time Waltz has made headlines over encrypted chats. He previously added a journalist to a Signal group that included other Trump officials actively discussing air raids in Yemen. The slip-up sparked public outcry, and though he later lost his national security adviser role, Trump later nominated him for U.S. ambassador to the United Nations.

Neither Waltz nor the White House has commented on his use of TeleMessage or the leak.

Meanwhile, the Cybersecurity and Infrastructure Security Agency (CISA) has already advised users to stop using the app, unless new instructions from Smarsh are issued. Whether agencies are following that advice—or quietly moving to other platforms—is unknown.