TeleMessage Hack Exposes Sensitive US Govt and Corporate Messaging Data


A hacker has exploited a vulnerability in TeleMessage, an Israeli company that offers modified, archivable versions of encrypted messaging apps like Signal, Telegram, and WhatsApp—resulting in the exposure of sensitive communications data linked to U.S. government officials and private companies, according to a report by 404 Media.

TeleMessage, which is owned by communications compliance firm Smarsh, enables enterprises and government agencies to retain records of messages, including voice notes, sent through otherwise end-to-end encrypted platforms. The tool is commonly used to meet regulatory requirements in sectors such as finance and government.

The breach comes shortly after revelations that former U.S. National Security Adviser Mike Waltz was using a customized version of Signal provided by TeleMessage. While there is no indication that Waltz’s or other cabinet officials’ messages were directly compromised, the hacker reportedly accessed a trove of sensitive data. This includes the contents of some archived messages, contact details of government personnel, internal login credentials for TeleMessage systems, and information linked to high-profile clients such as U.S. Customs and Border Protection, Coinbase, and Scotiabank.

Crucially, the incident raises concerns about TeleMessage’s security model. According to 404 Media, archived messages from the modified Signal client are not protected by end-to-end encryption as they are transferred to storage, leaving them potentially vulnerable to interception or unauthorized access.

Neither Smarsh nor the affected organizations (Signal, U.S. Customs and Border Protection, Coinbase, and Scotiabank) have publicly commented on the breach at this time.

The incident underscores ongoing challenges in balancing regulatory compliance with strong data security, especially when modifying or extending the functionality of encrypted communication platforms.