The administration of U.S. President Donald Trump faced a serious blow to national security: the personal data, including phone numbers and passwords, of several senior officials was leaked. The German newspaper Der Spiegel reported on March 27, 2025, citing its own investigation, that personal data of senior U.S. officials was leaked. Victims include White House National Security Advisor Mike Waltz, National Intelligence Director Tulsi Gabbard, and Secretary of Defense Pete Hegseth.
The leak affected information still used on social networks and messaging apps like WhatsApp, Instagram, and Signal. A Der Spiegel investigation found that compromised data could become a tool for opposing intelligence agencies. Experts worry that foreign spies may have accessed classified communications, including a secret Signal group discussing details of the military attack on Yemen carried out on March 15, 2025.
The incident occurred due to careless handling of classified information at a high level. The leak not only weakened confidence in the U.S. security system but also endangered ongoing operations against the Houthis and negotiations with Iran. The data of officials was linked to their personal accounts on messaging apps used for official correspondence.
Der Spiegel cited an example of a secret conversation on Signal, where plans to attack Yemen were discussed, inadvertently becoming known to The Atlantic's editor-in-chief Jeffrey Goldberg due to an error in adding participants. The incident occurred in mid-March 2025, causing a scandal, and the new data leak only exacerbated the crisis.
According to experts, foreign intelligence agencies, such as Russia or China, may have used the compromised phone numbers and passwords to launch phishing attacks or directly hack communications. Since Mr. Trump returned to the White House in January 2025, his administration has been affected by a series of leaks.
In early March, The Washington Post reported on a data breach of the Pentagon's personnel data, involving a hacking attack allegedly carried out by a group acting on behalf of Iran. According to Google Threat Intelligence, in 2024, similar groups increased their efforts to attack the accounts of U.S. officials through Signal and WhatsApp. The current incident stands out in terms of scale and level of impact.
Meanwhile, another significant data privacy issue has emerged involving the social networking platform RedNote (also known as Little Red Book). The Nhan Dan Nhat Bao newspaper on March 27, 2025, cited a report from Jiupai News stating that RedNote is currently facing many accusations related to the act of collecting user data beyond the scope necessary for normal operation.
Jiupai reported that many users have discovered that RedNote makes tens of thousands of accesses to their personal data within 30 days, even during times when users are not directly using the app. Specifically, an Android user stated that within one month, RedNote accessed a total of more than 92,000 times into the device's data, in which location data alone was accessed 71,000 times.
Meanwhile, WeChat - the leading popular platform in China - was only recorded to have accessed 911 times during the same period. There was a time when this app was recorded to have accessed location data 2,148 times in just one day. According to Jiupai, another user also recorded that RedNote had made about 50,000 accesses to their personal data in 30 days, in which the number of accesses to location data accounted for 46,000 times.
Notably, there were times when this app carried out many accesses to sensitive data such as device status, audio files, videos, images, and clipboard in just a short period of time. Users have been reflecting on the excessive data collection of RedNote since July 2024, with more than 70,000 discussion posts posted on the app itself.
On March 26, 2025, in response to Jiupai regarding related issues, a RedNote customer care representative affirmed that the collection of location data is to serve the "nearby" feature and only takes place when users turn on location access rights. The representative stated that this is normal and emphasized that RedNote will not disclose users' personal information.
However, these claims have not alleviated concerns among the Chinese public, particularly in the context of growing worries about privacy and personal data protection among internet users both in China and globally. As these two significant incidents unfold, they highlight the ongoing challenges related to data security and user privacy in an increasingly interconnected world.
