Data Security, Government Regulations, Privacy

Leak of US strike plans to The Atlantic underscores risk of data seepage

With the Trump administration working to move past the inadvertent exposure of its Middle East war plans, the issue of data seepage has been brought to the forefront for government and private organizations.

Earlier this week, a report in The Atlantic disclosed how the publication’s own editor-in-chief was unintentionally included on a Signal group chat between multiple government officials.

In the chat, multiple high-level officials, including Defense Secretary Pete Hegseth and Director of National Intelligence Tulsi Gabbard, discussed the government’s plans to strike Houthi rebels in Yemen.

Unbeknownst to those officials was the presence of The Atlantic's Jeffrey Goldberg. In addition to details of planned and ongoing military strikes, Goldberg was shown details on CIA field operatives. All were potentially dangerous exposures for the American agents and troops active in the region.

The administration has attempted to downplay the exposure, claiming in a congressional hearing that no classified information was shared on the chat.

“My communications, to be clear, in a Signal message group were entirely permissible and lawful and did not include classified information,” said CIA Director John Ratcliffe.

That statement was further questioned when The Atlantic posted a follow-up report with additional details on what information was being passed around between officials and journalists regarding military plans and intelligence information.

While Signal is renowned as an end-to-end secured messaging platform for the general public, most people would not see it as a channel for classified government communications, particularly when it is possible to include a journalist lacking security clearance.

Risk from third-party platforms often due to human error

The issue is in itself a headache for the Trump administration, but it also raises a larger issue for other government agencies and private sector contractors who work with them. What is the risk of data leaking from third-party communications platforms and inadvertent exposures?

Chris Bates, chief security officer with Cyberhaven, said that the use of secured messaging apps for communications between officials is not uncommon, though usually there is far more care applied as to who is involved.

“Normally, they are better about vetting who is in what channels, but they are commonly used,” Bates explained in an interview with SC Media.

“It is on the onus of the people operating, it is always a people problem. It is human error twice over.”

Eran Barak, chief executive officer of security provider MIND, said that government agencies are not alone in being exposed to these sorts of data seepage incidents; private sector companies are also at risk.

“Sensitive data leaks like these aren’t outliers — they’re reflections of a systemic issue across practically every organization, whether within the federal government or enterprises, highly regulated or not,” Barak told SC Media.

“Leaked intel isn’t just a government risk — it’s an enterprise reality, whether inadvertent or with malicious intent.”

Both executives said that while there are some solutions to mitigate the risk of data seepage, there is no one magic bullet that will prevent communications from being exposed to unintended parties.

“In this Hegseth incident with the Signal app used for messaging, a DLP platform could stop sensitive data leaks on laptops and desktops, but mobile devices like iPhones and Androids will have limitations,” noted Barak.

“That’s where mobile device management (MDM) and mobile application management (MAM) platforms can help to provide the controls with these mobile operating systems.”

Bates pointed out that the very nature of collaboration apps and group chats makes any one standard or method highly impractical, and as such there is going to be a certain amount of exposure that cannot be avoided.

“Enterprise messaging tools are not great at collaborating across boundaries, there is no really great platform,” Bates said.

“When it comes to collaboration there is just no real way to do that.”

Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.
