Defense Secretary Pete Hegseth used the encrypted app Signal to discuss Pentagon operations significantly more than previously known, including for information about military strikes and daily planning, according to a Wall Street Journal exclusive report. He reportedly managed at least a dozen Signal chats and once directed aides to notify foreign governments of a U.S. operation through the app.
Hegseth sometimes sent these messages from an unsecured Pentagon line or personal device. The Journal reported Marine Col. Ricky Buria, Hegseth’s military aide, posted operational details ahead of U.S. strikes in Yemen in a Signal chat that included Hegseth’s family members.
One chat included Hegseth’s wife, brother and private attorney. According to the Journal, officials familiar with the practice said some messages disappeared without archiving, a feature of the Signal app, potentially violating federal record-keeping laws.
Last month, the Pentagon’s Office of the Inspector General began a review of whether Hegseth and other personnel followed Department of Defense policy on commercial messaging apps.
During a recent interview with NBC’s “Meet the Press,” Trump said Hegseth will remain in his position and praised the Defense secretary’s leadership despite the ongoing review.
What is the inspector general reviewing?
Acting Inspector General Steven Stebbins launched the review in response to a letter from Sens. Jack Reed, D-R.I., and Roger Wicker, R-Miss., who cited bipartisan concerns that a journalist had been added to a Signal chat discussing classified airstrike details.
Unbiased. Straight Facts.TM
A 2023 Pentagon policy prohibits using unmanaged apps like Signal, WhatsApp and iMessage for sharing non-public DOD information without formal approval.
The senators cited reports that officials mistakenly added Atlantic editor-in-chief Jeffrey Goldberg to a group chat with National Security Council members. According to the letter, the chat involved details about U.S. military operations in Yemen and raised questions about using unclassified networks to share sensitive information.
The investigation focuses on whether officials improperly handled sensitive or classified information.
One Signal message included specific timing for F-18, MQ-9 Reaper drone, Tomahawk missile strikes as well as target location intelligence. Although the White House later said the messages did not contain classified material, Reed criticized the communication as dangerous to U.S. troops.
Expanded investigation
The inspector general expanded the investigation to include a second Signal chat that reportedly included Hegseth’s wife, brother and military aide. According to The Wall Street Journal, officials familiar with the probe said investigators are also examining who manually transferred information from a classified system into Hegseth’s Signal chats ahead of U.S. strikes on Yemen.
The Journal reported that Gen. Michael “Erik” Kurilla sent a secure message with strike details through a classified email system and within minutes, portions of that information appeared in one of Hegseth’s Signal groups.
Stebbins’ office can investigate the full extent of any potential breaches without notifying Congress, according to the Journal. Reed said the second chat raised the same concerns as the first and fell squarely within the inspector general’s scope.
Republican lawmakers defended Hegseth’s intent but raised concerns over judgment. GOP Sen. Thom Tillis called it “at best a rookie mistake, at worst really bad judgment.”
The inspector general has not given a timeline for completing the review and may expand the scope as needed. The Pentagon did not respond to the Wall Street Journal’s request for comment.
It’s unclear whether the investigation will lead to disciplinary action or policy changes. The case remains open as investigators examine Signal chat threads and the manual transfer of sensitive strike data.
What are the restrictions on using apps like Signal at the Pentagon?
A 2023 Department of Defense memo, reviewed by SAN, outlines strict limits on mobile app use for official business. Unless specifically approved, it prohibits conducting any work involving Controlled Unclassified Information (CUI) through commercial messaging platforms.
“Unmanaged apps” like Signal, WhatsApp and iMessage are unauthorized for accessing, storing or transmitting non-public DOD information. These platforms require a formal exception to policy (E2P) from the DOD’s chief information officer. Even on approved devices, these apps cannot handle sensitive content unless governed by a secure enterprise system. It’s unclear whether Signal received such approval under Hegseth’s leadership.
Multiple administrations, including former President Joe Biden’s, used the Signal app. Director of National Intelligence Tulsi Gabbard told Congress that some official devices came pre-installed with Signal, prompting questions about consistent policy enforcement.
How do DOD mobile app guidelines apply to this case?
Apps fall into two categories: managed and unmanaged. Managed apps, monitored by a secure enterprise framework, may handle content up to the CUI level. The guidance bars unmanaged apps from accessing non-public DOD data.
The memo requires officials to preserve messages involving official business as federal records. They must archive any messages sent or received on government-issued or approved personal devices within 20 days. Additional restrictions apply to apps with geolocation or chat features, particularly in operational environments.
Former National Security Adviser Mike Waltz, previously identified as the official who added Goldberg to a Signal chat, lost favor within the administration. President Donald Trump announced he would reassign Waltz and nominate him as U.S. ambassador to the United Nations.
