Mixed Signals – the White House group chat incident

15th April 2025

What errors in cyber security resilience were made that allowed government secrets to leak and how could more of a focus on cyber security training prevent it from happening again?

Last month, I expect you heard about a group of senior officials within the US government who accidentally added a journalist to a Signal group chat they were using. They gave away confidential information, including the time and location of a military operation, to a member of the press.

Now, I’m not going to go into the political ramifications here – you get enough of that online, I’m sure. Instead, I wanted to think about the cyber security implications: what measures were not taken and how could the leak have been prevented.

To start with, these officials shouldn’t have been talking on Signal in the first place. Though the app has robust features like encryption and automated message deleting, US government officials are meant to use a system in their homes that is designed to be far more secure.

Evidently, there was a lack of awareness or training: even if Signal held, their phones could be taken from them physically and breached. There was no verification or two-factor check to enter the chat: anyone could have been added. If a journalist managed to find their way into a high-level conversation, what is to stop someone with more malicious intent?

So, what can we (and the White House) learn from this fiasco?

1. Training your staff to be aware of cyber security is vital – even one weak link could damage an entire business (or nation!).

2. Use the right technology for the job – if you start using personal devices at work, you risk information being leaked or lost.

If you want to know how your business could benefit from cyber security training, talk to Interfuture Security HERE.