U.S. officials in Signal chat left their Venmo data exposed online

Data from several U.S. officials' Venmo accounts has been found exposed online, including their contacts and even transaction histories for some. This follows Signalgate earlier this week, and the subsequent revelation that involved officials' private contact information and passwords could be found online.

If I had a nickel for every time a breach of tech security by the Trump administration was revealed this week, I'd now have three nickels. 

On Wednesday, WIRED reported that it had discovered a public Venmo account ostensibly belonging to national security advisor and Signal chat participant Michael Waltz, showing a list of over 300 of his associates. Now the publication is reporting the discovery of further Venmo data belonging to several more U.S. officials, at least three of whom were also members of the infamous Yemen bombing Signal group chat. 

Specifically, WIRED reporters found Venmo data belonging to Department of Treasury chief of staff Dan Katz, Counselor and Chief of Staff to the Secretary of State Mike Needham, and President Donald Trump's nominee for director of the National Counterterrorism Center Joe Kent. Venmo data was also located for National Security Council staffer Brian McCormack, who is suspected of being on the Signal chat, and Morgan Ortagus, deputy to Trump's special envoy for the Middle East and Signal chat participant Steve Witkoff.

All of these individuals' Venmo contact lists were viewable, while Katz, McCormack, and Ortagus had also left their transaction histories exposed.

U.S. officials' contact lists and transaction histories may not seem like something to worry about on the fact of it (though we do have questions about Katz' 2018 payment reportedly annotated solely with an eggplant emoji). However, such information could theoretically be used for nefarious purposes if individuals attempted to reach or influence officials via their associates or frequent haunts. It also revealed connections such as Kent's payments to a far-right 2020 election conspiracy theorist.

It's been a bad week in security scandals for the Trump administration, but this is one that could have easily been avoided. Last July, WIRED reported that Signal chat participant and then-vice presidential nominee JD Vance had also left his Venmo friends list public. Yet despite this cautionary tale, U.S. officials such as McCormack only recently set their Venmo accounts to private after WIRED reached out to them.

In a statement to WIRED, a Venmo spokesperson said, "We take our customers’ privacy seriously, which is why we let customers choose their privacy settings on Venmo for both their individual payments and friends lists — and we make it incredibly simple for customers to make these private if they choose to do so."

The revelation of exposed Venmo data is just the latest dancer in a conga line of U.S. officials' tech security breaches recently. On Monday, The Atlantic's editor-in-chief Jeffrey Goldberg reported that Waltz had mistakenly added him to a Signal group chat in which officials shared seemingly classified information. Days later, German publication DER SPIEGEL reported that passwords for some of the officials involved were found online, stating that it was "conceivable that foreign agents were privy to the Signal chat group."

Now with WIRED's reports added to the growing list, it seems that the Trump administration is in dire need of a data security training course at minimum.