A recent data breach involving TeleMessage, a messaging platform used by several U.S. government agencies, has exposed communications metadata from more than 60 federal officials. They include disaster response teams, diplomatic staff, and even a White House employee. Experts warn it could pose a significant counterintelligence risk.
First reported by Reuters, the breach first surfaced on the leak site Distributed Denial of Secrets (a U.S. nonprofit whose stated mission is to archive hacked and leaked documents in the public interest).
It was initially linked to a communication used by former Trump national security adviser Mike Waltz. But a deeper look reveals a wider compromise of government personnel and agencies than previously understood.
The cache, reviewed by Reuters and independently verified in part, includes messages intercepted during a roughly 24-hour window that ended on 4 May. While many messages are fragmentary and not obviously sensitive, the leak’s implications run deeper than the content itself.
The metadata matters more than the message
Security experts say the true risk lies in the metadata, or the “who, when, and where” behind these conversations. Even in the absence of classified content, that information can paint a detailed picture of government movements and relationships.
“Even if you don’t have the content, that’s a top-tier intelligence access,” said Jake Williams, a former NSA cyber operator and now VP of research at Hunter Strategy.
This is the kind of data nation-state actors dream of.
Among the leaked conversations were apparent logistics discussions surrounding senior government travel, including one Signal group chat labeled “POTUS | ROME-VATICAN | PRESS GC,” and another referring to a U.S. delegation trip to Jordan.
An app designed for compliance, now a cybersecurity headache
TeleMessage, a compliance-oriented messaging service that adapts encrypted apps like Signal for archiving under federal recordkeeping rules, had quietly found a home within multiple federal agencies. But that home is now under investigation, and the app has been offline since 5 May “out of an abundance of caution.”
Portland-based Smarsh, which owns TeleMessage, has not responded to multiple requests for comment. Nor has it clarified how many agencies were actively using the service at the time of the breach.
Contracting records show that TeleMessage had been adopted by agencies including the State Department, Department of Homeland Security (DHS), and Centers for Disease Control and Prevention (CDC). While the CDC told Reuters it had trialed the app in 2024 and abandoned it, the status of other agency relationships is unclear.
Federal agencies scramble for answers
The White House acknowledged the incident but offered no comment on its use of the platform. The Secret Service confirmed that “a small subset” of its personnel had used TeleMessage and said it is reviewing the situation. FEMA said it had “no evidence” of a compromise, but declined to comment further when presented with leaked FEMA messages.
Customs and Border Protection reiterated its earlier statement that TeleMessage use had been disabled and an investigation was underway.
Meanwhile, the Cybersecurity and Infrastructure Security Agency (CISA) has advised all government users to cease using TeleMessage unless specific mitigations are in place.
A pattern of mishandled messaging?
The breach comes not long after another Waltz-linked messaging incident made headlines: in what became known as “Signalgate,” the former national security adviser accidentally added a journalist to a Signal group where cabinet officials were discussing military actions in real time. Waltz was later replaced but continued to serve in the Trump administration.
The exact circumstances of Waltz’s use of TeleMessage remain unclear. Neither he nor the White House has commented.
Not the worst breach, but still bad
To be clear, this isn’t Signalgate 2.0. There are no chats about bombing campaigns, no high-level military strategy discussed in real time. But the sheer scope of the exposed users (FEMA applicants, Secret Service members, diplomatic staff, and White House personnel) paints a troubling picture of how fragile communications security can be, even when compliance tools are in place.
What should’ve been a secure, archivable alternative to consumer-grade messaging apps has instead become the latest case study in the risks of third-party platforms.
As TeleMessage remains offline and investigations continue, one thing is certain: metadata is having a moment, and it may be telling adversaries more than we ever intended.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.