A major security breach has exposed sensitive personal information of top U.S. national security officials online, according to an investigation by German news magazine Der Spiegel.
Mobile phone numbers, email addresses, and even passwords belonging to National Security Adviser Mike Waltz, Director of National Intelligence Tulsi Gabbard, and Secretary of Defense Pete Hegseth were discovered using commercial people search engines and publicly available hacked data.
The compromised information includes active contact details linked to social media profiles on Instagram and LinkedIn, as well as accounts on WhatsApp, Signal, and Dropbox. Some of the data was also connected to fitness tracking applications that could reveal location information.
The timing of this revelation is particularly concerning as it follows recent reports that these officials used a Signal chat group to discuss classified military strike plans against Houthi targets in Yemen. The exposed private data could potentially allow hostile actors to install spyware on the officials' devices and intercept sensitive communications.
According to cybersecurity expert Donald Ortmann, exposed data of high-ranking politicians can enable convincing phishing attacks, unauthorized access to email and chat services, and even sophisticated deepfake attacks using available photos and audio.
Der Spiegel noted that Secretary Hegseth's information was especially easy to obtain through commercial contact databases. His email address and associated passwords appeared in over 20 separate data leaks. While Director Gabbard appeared to take more precautions by blocking her data from commercial search engines, her information was still discoverable through WikiLeaks and Reddit posts.
The officials and relevant government departments have not responded to requests for comment about this security breach. The National Security Council has stated that Waltz's referenced accounts and passwords were changed in 2019.
This incident highlights significant vulnerabilities in how personal data of top U.S. security officials is protected and raises questions about the security implications for sensitive government operations.