A popular messaging application utilized by a senior official from the Trump administration has halted its services following allegations of a significant data breach. Smarsh, the parent company of TeleMessage, is actively investigating the situation.
In a statement to WIRED, a Smarsh representative confirmed, “TeleMessage is investigating a potential security incident. Upon detection, we acted swiftly to contain it and have engaged an external cybersecurity firm for assistance in our investigation. As a precaution, all TeleMessage services have been temporarily suspended, while all other Smarsh products remain fully operational.”
Reports emerged recently that Mike Waltz, former national security adviser to President Trump, was seen using an unauthorized variation of the secure messaging app Signal, referred to as TeleMessage Signal or TM Signal. This application allows users to archive their communications. Images captured of Waltz indicate engagement with other prominent officials, including Vice President JD Vance, Director of National Intelligence Tulsi Gabbard, and Secretary of State Marco Rubio.
Cybersecurity experts emphasized that TM Signal’s archiving feature compromises the end-to-end encryption that is a hallmark of the legitimate Signal application. Following these revelations, independent journalists reported that a hacker had indeed breached the app, and additional evidence of this breach was later validated by other media sources.
Founded in Israel in 1999 and acquired by Smarsh last year, TeleMessage provides variations of mainstream communication applications that include compliance-focused archiving features. Despite claims that these alternatives offer security comparable to the original apps, they may mislead users about their actual safety.
Waltz’s use of the app has attracted scrutiny, particularly after an editor from The Atlantic was included in discussions about military operations, an incident that subsequently led to Waltz’s removal from the national security position. President Trump later expressed intentions to nominate Waltz for the ambassadorial role at the United Nations.
TeleMessage applications are not recognized under the U.S. government’s Federal Risk and Authorization Management Program (FedRAMP), highlighting an ongoing concern regarding their unauthorized proliferation. Reports suggest that numerous U.S. Customs and Border Protection agents may also be utilizing TM Signal. When questioned about the breach and its implications, the agency stated that it is currently investigating the matter.
In response to the recent disclosures, TeleMessage has removed all content from its public-facing website and suspended its archiving service. The company has committed to transparency and will provide updates on the situation as they become available. Given the implications of this breach, there are escalating concerns regarding the potential risks to U.S. national security.
This incident may illustrate several MITRE ATT&CK tactics, such as initial access through unauthorized applications and possible persistence via compromised communication channels. As investigations unfold, monitoring for potential privilege escalation and lateral movement within affected networks will be critical for understanding the breach’s impact.