Data from the Venmo accounts of several U.S. officials, including contact information and some transaction histories, has been found exposed online. This incident follows the recent revelation of the “Signalgate” breach earlier in the week, during which it was discovered that private contact information and passwords of involved officials were accessible online.
WIRED reported on Wednesday that a public Venmo account, appearing to belong to national security advisor Michael Waltz, was discovered. This account displayed a list of over 300 associates. Further reports indicated that additional Venmo data from several other U.S. officials was found, including those who participated in the Yemen bombing Signal group chat.
The exposed Venmo data includes contact lists and transaction histories for Dan Katz, Department of Treasury Chief of Staff; Mike Needham, Counselor and Chief of Staff to the Secretary of State; Joe Kent, nominee for the National Counterterrorism Center director; Brian McCormack at the National Security Council, and Morgan Ortagus, deputy to Trump’s special envoy for the Middle East.
These data exposures may appear harmless at first glance, but they could potentially be used for malicious activities, such as influencing officials through their associates or contacts. The Venmo records revealed connections such as Joe Kent’s payments to a far-right conspiracy theorist from the 2020 election.
This incident adds to a series of tech security breaches within the Trump administration. Previously, Signal chat participant JD Vance had also left his Venmo friends list public, but despite this example, other officials only recently made their accounts private after being contacted by WIRED.
A spokesperson for Venmo stated that the company takes customer privacy seriously and provides options for privacy settings on both individual payments and friends lists.
This breach is part of a series of recent security incidents involving U.S. officials. Earlier, The Atlantic’s editor-in-chief reported being accidentally added to a Signal group chat where seemingly classified information was shared. DER SPIEGEL later reported that passwords of some involved officials were found online, leading to concerns that foreign agents might have accessed the Signal chat group.
With these ongoing breaches, it appears that the Trump administration may need a comprehensive data security training program.
