Hacker Breach of TeleMessage Exposes Communications Across U.S. Government
A hacker who breached TeleMessage, a secure communications platform used by U.S. officials — including former Trump national security adviser Mike Waltz — accessed a broad range of messages from multiple government agencies, according to a Reuters investigation. The breach has significantly expanded the scope of concern over data security in the Trump administration and beyond.
The leaked data, obtained by nonprofit transparency group Distributed Denial of Secrets, revealed intercepted communications involving over 60 unique U.S. government users, including:
-
Disaster responders
-
Customs and Border Protection officials
-
U.S. diplomats
-
Secret Service members
-
A White House staffer
-
FEMA and financial sector personnel
The messages, spanning a roughly 24-hour period ending May 4, included discussions related to travel logistics for senior U.S. officials, such as a group labeled “POTUS | ROME-VATICAN | PRESS GC,” likely linked to preparations for a presidential visit. Another appeared to discuss a trip to Jordan involving U.S. personnel.
While Reuters did not identify any classified or overtly sensitive information, experts caution that the metadata alone — including who was talking to whom, when, and in what context — poses a serious counterintelligence risk.
“Even if you don’t have the content, that is a top-tier intelligence access,” said Jake Williams, a former NSA cyber expert, now at Hunter Strategy.
Waltz and Previous Signal Controversy
The breach of TeleMessage, which modifies secure apps like Signal to meet federal archiving requirements, drew attention after Mike Waltz was photographed using the platform during a Cabinet meeting on April 30. While no messages directly linked to Waltz have surfaced in the leak, his previous misuse of Signal — including inadvertently adding a journalist to a chat discussing real-time air raids on Yemen — led to his removal as national security adviser. He was later nominated to serve as U.S. ambassador to the United Nations.
Unclear Scope, Ongoing Investigations
The extent of the breach remains under investigation. The platform, owned by Smarsh, a Portland, Oregon-based digital communications firm, was taken offline on May 5 “out of an abundance of caution.” Smarsh has not responded to media inquiries.
Affected agencies include:
-
Department of Homeland Security
-
State Department
-
Centers for Disease Control and Prevention (CDC)
-
Federal Emergency Management Agency (FEMA)
-
Customs and Border Protection (CBP)
While some agencies downplayed the risk or claimed no confirmed compromise, others are still conducting internal reviews. The Cybersecurity and Infrastructure Security Agency (CISA) has since advised all users to cease use of the platform unless further mitigation steps are provided.
Key Questions Unanswered
Neither Waltz nor the White House has publicly addressed how or why TeleMessage was used or whether any guidelines were breached. The use of such platforms — designed to balance privacy, security, and legal compliance — now faces renewed scrutiny amid the apparent ease with which the hacker penetrated multiple layers of sensitive communications.
The incident adds to a growing list of cyber breaches targeting U.S. institutions in recent years, raising alarm about the resilience of federal communications systems in a time of heightened geopolitical risk and digital espionage.
