A hacker who breached the communications platform used by former Trump national security adviser Mike Waltz earlier this month accessed a wider range of U.S. officials’ messages than previously known, according to a review by Reuters.
Leaked data obtained by the nonprofit Distributed Denial of Secrets revealed that over 60 unique government users were active on TeleMessage, a messaging service designed to archive communications in compliance with federal records rules. The leaked trove, covering roughly a 24-hour period ending May 4, included partial messages from disaster response teams, customs personnel, diplomatic staff, one White House official, and members of the Secret Service.
Once a niche tool used primarily within government and financial sectors, Telemessage came into public view after an April 30 Reuters photo showed Waltz using its Signal-based interface during a cabinet meeting. While Reuters could not authenticate the entire data cache, reporters verified the identities tied to several leaked phone numbers and confirmed with multiple sources that specific messages were genuine. This included a FEMA aid applicant and a financial firm whose communications were exposed.
Reuters did not find any messages from Waltz or other cabinet officials, nor did it uncover clearly classified content. Still, some messages touched on senior officials’ travel plans, including one Signal group titled “POTUS | ROME-VATICAN | PRESS GC” that appeared to relate to a Vatican event, and another concerning a trip to Jordan.
The extent of TeleMessage’s use across government agencies remains unclear. Federal data shows contracts with the State Department, the Department of Homeland Security, and the Centers for Disease Control. The platform was taken offline on May 5 “out of an abundance of caution,” and Smarsh, the Oregon-based company that owns it, has not commented on the breach. One week after the hack, CISA advised users to stop using the service unless given specific guidance from Smarsh.
