Messages from dozens of US officials found in leaked breach of Israel-founded app

A hacker who breached the communications service used by former Trump national security adviser Mike Waltz earlier this month intercepted messages from a broader swath of American officials than has previously been reported, according to a Reuters review, potentially raising the stakes of a breach that has already drawn questions about data security in the Trump administration.

Reuters identified more than 60 unique government users of the messaging platform TeleMessage in a cache of leaked data provided by Distributed Denial of Secrets, a US nonprofit whose stated mission is to archive hacked and leaked documents in the public interest.

The trove included material from disaster responders, customs officials, several US diplomatic staffers, at least one White House staffer and members of the Secret Service. The messages reviewed by Reuters covered a roughly daylong period of time ending on May 4, and many of them were fragmentary.

Once little known outside government and finance circles, the Israel-founded TeleMessage drew media attention after an April 30 Reuters photograph showed Waltz checking TeleMessage’s version of the privacy-focused app Signal during a cabinet meeting.

While Reuters could not verify the entire contents of the TeleMessage trove, in more than half a dozen cases the news agency was able to establish that the phone numbers in the leaked data were correctly attributed to their owners. One of the intercepted texts’ recipients — an applicant for aid from the Federal Emergency Management Agency — confirmed to Reuters that the leaked message was authentic; a financial services firm whose messages were similarly intercepted also confirmed their authenticity.

Based on its limited review, Reuters uncovered nothing that seemed clearly sensitive and did not uncover chats by Waltz or other cabinet officials. Some chats did seem to bear on the travel plans of senior government officials. One Signal group, “POTUS | ROME-VATICAN | PRESS GC,” appeared to pertain to the logistics of an event at the Vatican. Another appeared to discuss US officials’ trip to Jordan.

US President Donald Trump, right, and First Lady Melania Trump step off Air Force One upon arrival at Leonardo da Vinci International Airport in Rome, Italy, April 25, 2025. (Mandel Ngan/AFP)

Reuters reached out to all the individuals it could identify seeking comment; some confirmed their identities but most didn’t respond or referred questions to their respective agencies.

Reuters could not ascertain how TeleMessage had been used by each agency. The service — which takes versions of popular apps and allows their messages to be archived in line with government rules — has been suspended since May 5, when it went offline “out of an abundance of caution.” TeleMessage’s owner, the Portland, Oregon-based digital communications firm Smarsh, did not respond to requests for comments about the leaked data.

The White House said in a statement that it was “aware of the cyber security incident at Smarsh” but didn’t offer comment on its use of the platform. The State Department didn’t respond to emails. The Department of Homeland Security, the parent agency for FEMA, CISA, the Secret Service, and Customs and Border Protection, similarly did not respond to messages. FEMA said in an email that had “no evidence” that its information had been compromised. It didn’t respond when sent copies of internal FEMA messages. A CBP spokesperson repeated a past statement noting that it had disabled TeleMessage and was investigating the breach.

TeleMessage was launched in Petah Tikva in 1999. In February 2024, it was acquired by Smarsh, retaining co-founder and CEO Guy Levit as well as an office in Israel.

The TeleMessage office in Petah Tikva. (Screen capture: Google Street View)

Federal contracting data shows that State and DHS have had contracts with TeleMessage in recent years, as has the Centers for Disease Control. A CDC spokesperson told Reuters in an email Monday that the agency piloted the software in 2024 to assess its potential for records management requirements “but found it did not fit our needs.”

The status of the other contracts wasn’t clear. A week after that hack, the US cyber defense agency CISA recommended that users “discontinue use of the product” barring any mitigating instructions about how to use the app from Smarsh.

According to Shomrim, the Center for Media and Democracy, an Israeli investigative outlet, several Israeli government offices also used TeleMessage as of 2024, including the Foreign Ministry, Justice Ministry, and Health Ministry.

Jake Williams, a former National Security Agency cyber specialist, said that, even if the intercepted text messages were innocuous, the wealth of metadata — the who and when of the leaked conversations and chat groups — posed a counterintelligence risk.

“Even if you don’t have the content, that is a top-tier intelligence access,” said Williams, now vice president of research and development at cybersecurity firm Hunter Strategy.

Locals inspect the site reportedly struck by US airstrikes overnight in Sanaa, Yemen, Thursday, March 20, 2025. (AP Photo)

Waltz’s prior use of Signal created a public furor when he accidentally added a prominent journalist to a Signal chat where he and other Trump cabinet officials were discussing air raids on Yemen in real time.

Soon after, Waltz was ousted from his job, although not from the administration: Trump said he was nominating Waltz to be the next US ambassador to the United Nations.

The circumstances surrounding Waltz’s use of TeleMessage haven’t been publicly disclosed and neither he nor the White House has responded to questions about the matter.