Telemessage Hack publishes data from Secret Service, FEMA, White House staff and more than 60 US authorities

Hackers who violated the government messaging platform used by former Trump national security adviser Mike Waltz earlier this month apparently had much more access than they initially believed. According to an exclusive report from Reuters, the violation affected a wide range of American officials and raised new concerns about the safety of internal communications in US federal agencies.

The revelation comes within just two weeks of reports that the hackers have defeated Telemessage. This is an Israeli company that creates modified versions of Signal, WhatsApp, Telegram and other versions for clients, including the US government. The violations archived government communications and raised new alarms regarding the security of the official messaging platform.

“The hackers who violated the communications services used by former Trump national security adviser Mike Waltz earlier this month have intercepted messages from American officials that were wider than previously reported,” Reuters said.

Telemessage, which allows message archives to meet federal compliance standards, is used by a variety of US agencies. The leaked cache of data reviewed by Reuters — shared in Originality by a dispersed transparency group for secrets denials — has released more than 60 identifiable government users on the platform.

Within Telemedge Hack: Metadata, missed warnings, national security gaps

The leak revealed messages from US diplomats, customs staff, FEMA personnel, White House staff, and even members of the Secret Service. The intercepted messages cover the 24-hour window that ends on May 4th. While many of the messages have been incomplete or mediocre, some suggest travel logistics from senior government officials. One signal group, named “Potus | Rome-Vatican | Press GC,” refers to the potential for presidential travel.

“Reuters has identified more than 60 unique government users of the messaging platform Telemedge in the cache of leaked data provided by the denial of secrets distributed. Its mission is a US nonprofit organization that archives public interest hacking and leaked documents. Many of them were fragmented for the period of the day that ended May 4th.”

Oregon-based Smarsh Telemessage has been offline since May 5th. A company spokesman did not respond to Reuters’ requests for comment. Neither did that, nor did the White House, the State Department, or the Department of Homeland Security (overseeing FEMA, Secret Services, customs and border security). FEMA responded, saying that there was “no evidence” that the data was compromised.

The Centers for Disease Control and Prevention confirmed that they piloted the telemessage last year, but dropped it, saying the software didn’t meet records management needs. Public federal records confirm contracts between Telemedge and agencies such as the CDC, DHS, and the State Department, but the status of these contracts is unknown.

Reuters was unable to see all the details of the leaked archives, but was able to verify ownership of some phone numbers linked to the intercepted messages. One recipient who applied for assistance from FEMA confirmed that the message was authentic. The financial services company caught up in the leak did the same.

No very sensitive messages were found in the batches reviewed. Still, cybersecurity experts are worried about something else: metadata. Who was talking to who and when? That alone can give the enemy a fairly good map of official communication.

“Even if you don’t have content, it’s first-class intelligence access,” said Jake Williams, a former NSA cyber specialist who currently leads R&D in Hunter Strategy.

It was not widely known outside of finance and some governmental circles until a Reuters photo on April 30 showed that Waltz would check the app (the version of the signal) where the cabinet meeting was held. The image sparked media attention and renewed interest in how US officials communicate in closed circles.

This is not the first time that Waltz has created a headline in an encrypted chat. He previously added journalists, including other Trump officials actively discussing air raids in Yemen. The slip-up sparked public protests and he later lost his role as national security adviser, but Trump later nominated him for the UN ambassador.

Neither the Waltz nor the White House commented on his use of telemessages or leaks.

Meanwhile, unless new instructions are issued by Smarsh, the Cybersecurity and Infrastructure Security Agency (CISA) has already advised users to stop using the app. It is unclear whether the agency is following that advice or quietly moving to other platforms.