The National Security Agency sent out an operational security special bulletin to its employees in February 2025 warning them of vulnerabilities in using the encrypted messaging application Signal, according to internal NSA documents obtained by CBS News.
News of the NSA bulletin comes amid the continued fallout from an explosive article published Monday in The Atlantic. The publication’s editor-in-chief, Jeffrey Goldberg, detailed how Defense Secretary Pete Hegseth inadvertently disclosed war plans to him in an encrypted Signal chat group two hours before the U.S. military launched attacks against Houthi militia in Yemen. Goldberg wrote that Hegseth’s messages included “precise information about weapons packages, targets, and timing.”
The NSA is an arm of the Defense Department and specializes in signals intelligence — which is derived from electronic transmissions — and cybersecurity. The agency is responsible for monitoring, collecting and processing information and data for U.S. national security interests.
The unclassified but for-official-use-only documents provided to CBS News by a senior U.S. intelligence official are entitled “Signal Vulnerability” and were sent out the month before Goldberg was accidentally added to the group chat allegedly by national security adviser Mike Waltz.
“A vulnerability has been identified in the Signal Messenger Application. The use of Signal by common targets of surveillance and espionage activity has made the application a high value target to intercept sensitive information,” the internal bulletin begins.
The bulletin warned of Russian professional hacking groups employing phishing scams to gain access to encrypted conversations, bypassing the end-to-end encryption the application uses.
The bulletin also underscored to NSA employees that third-party messaging applications such as Signal and Whatsapp are permitted for certain “unclassified accountability/recall exercises” but not for communicating more sensitive information.
NSA employees were also warned to not send “anything compromising over any social media or Internet-based tool or application,” and to not “establish connections with people you do not know.”
CBS News contacted the NSA for comment but did not receive a reply prior to publication.
On Tuesday, National Intelligence Director Tulsi Gabbard and CIA Director John Ratcliffe, both of whom were reportedly in the Signal group chat, testified before a Senate panel.
“There was no classified material that was shared in that Signal chat,” Gabbard told lawmakers. But the NSA bulletin advises that even information that is not categorized as classified should not be shared on Signal, advising users not to share “unclassified, nonpublic” information on the messaging platform.
Ratcliffe said Signal “is a permissible use” application that has been approved by the White House for use by senior officials. The group chat, Ratcliffe said, was a “mechanism for communicating between senior level officials but not a substitute for using high side or classified communications.”
Both Ratcliffe and Gabbard were asked by Democratic Sen. Martin Heinrich of New Mexico whether the Signal conversation included information on “weapons packages, targets or timing.” Ratcliffe replied, “Not that I’m aware of,” and Gabbard said, “Same answer and defer to the Department of Defense on that question.” Both said they had no knowledge of the chat including operational details of the strike in Yemen.
contributed to this report.
