Mar 27, 2025 5:47 PM
WIRED has found four new Venmo accounts that appear to be associated with Trump officials who were in an infamous Signal chat. One made a payment with a note consisting solely of an eggplant emoji.
Photograph: Jaque Silva/Getty Images
A number of top Trump administration officials—including four who were on a now-infamous Signal group chat—appear to have Venmo accounts that have been leaking data, including contacts and in some cases transactions, to the public. Experts say this is a potentially serious counterintelligence problem that could allow foreign intelligence services to gain insight into a target’s social network or even identify individuals who could be paid or coerced to act against them.
The officials in question include Dan Katz, chief of staff at the US Treasury; Joe Kent, President Trump’s nominee for director of the National Counterterrorism Center; and Mike Needham, counselor and chief of staff to the secretary of state. All three were participants in the “Houthi PC small group” chat in which sensitive attack plans were discussed and to which Jeffrey Goldberg, editor in chief of The Atlantic, was accidentally invited. Katz was named in it as a point of contact by Scott Bessent, the Treasury secretary; Kent by Tulsi Gabbard, the director of national intelligence, to whom Kent serves as acting chief of staff; and Needham by Marco Rubio, the secretary of state.
A fourth official with an open Venmo account—Brian McCormack, a senior staffer on the National Security Council—also appears to have been in the chat, in which a user with the screen name “Brian” lists McCormack as a point of contact for the NSC. His account went private after WIRED reached out to the NSC for comment. (“Mr. McCormack has made necessary Venmo updates for his personal privacy protection,” says NSC spokesperson James Hewitt.)
Morgan Ortagus, a former Fox News personality and deputy to Steve Witkoff—Donald Trump’s special envoy for the Middle East, who was himself in the chat—also appears to have left Venmo data exposed.
WIRED established that the accounts are almost certainly those of the government officials in question by analyzing the other accounts they were connected to, which in the cases of Katz, Kent, and Needham included accounts appearing to belong to their spouses. The Treasury Department, the National Counterterrorism Center, and the State Department did not immediately respond to requests for comment.
Some of the information revealed by the accounts is quite granular. McCormack and the accounts that appear to belong to Katz and Ortagus, for example, left not only their contact lists publicly visible but also their transactions, which are as recent as last autumn. These records reveal specific information like a 2018 payment from Katz with a note consisting solely of an eggplant emoji and how much he paid an overnight cat sitter in 2019. They also reveal McCormack’s contributions to what appears to be a get-together for veterans of the Bush-Cheney administration (“Cheney team reunion! Thank you!!”), who has reimbursed Ortagus for picnic expenses, and Kent’s connection to noted conspiracy theorist Ivan Raiklin, who calls himself “the secretary of retribution” and once created a deep state target list.
WIRED has previously reported on the partially public Venmo accounts of several of the high-ranking officials in the Houthi PC chat, including Vice President JD Vance; Mike Waltz, the national security adviser; and Susie Wiles, the White House chief of staff. Waltz and Wiles set their accounts to private only after WIRED reached out to the White House for comment on Wednesday afternoon.
Venmo did not immediately respond to WIRED’s request for comment. In a statement given to WIRED in response to questions about the Waltz and Wiles accounts, spokesperson Erin Mackey said, “We take our customers’ privacy seriously, which is why we let customers choose their privacy settings on Venmo for both their individual payments and friends lists—and we make it incredibly simple for customers to make these private if they choose to do so.”
“From my perspective, as a veteran, everyone is entitled to use the applications and services they feel are necessary to live their lives,” says Tara Lemieux, a 35-year veteran of the US intelligence community including the National Security Agency, Department of Homeland Security, and supporting agencies. “That said, when you post anything in those third-party applications and you don’t understand how that information can be shared or exploited, you are taking a risk for our nation—and that’s not acceptable.”
For Lemieux, while public transactions on Venmo might appear harmless, foreign intelligence services—particularly signals intelligence agencies—look for patterns: who’s paying whom, how often, and when. “Say they’re making payments to their children—now you have a point of leverage. If there’s someone out there looking to target you, they can use that information and start making you feel fearful for the safety of your children,” Lemieux says.
“The speed of the digital world has outpaced our ability to keep a handle on it,” she adds. “If you have all this information out there—how the heck are you going to put the toothpaste back in the tube?”
Mike Yeagley, a specialist in commercial data and its security risks, has spent over 15 years advising the US Department of Defense on how both allies and adversaries leverage what he calls “digital exhaust,” the seemingly mundane details—social connections, service transactions, and metadata trails—left behind in everyday apps. “At the highest level of our national security leadership, regardless of administration, there has to be an awareness of our data and what we project that can be discoverable,” he says.
“What’s the risk of someone at the Cabinet level using Venmo to pay their personal trainer? On the surface, it doesn’t look like much,” Yeagley says. “But now I know who that trainer is—or the gardener, or whoever—and suddenly I’ve expanded my ability to target by identifying the people around that official.”
Yeagley adds that “our adversaries are sophisticated and carnivorous in their data collection,” which means that “just the smallest bit of daylight is of interest to someone sophisticated. They will use that data point. They will build from it.”
According to Venmo, its “contact syncing” feature allows users to upload phone contacts to the app so that they can find people they know. When these exposed Venmo accounts were set up—all before 2020—the app would display a prompt allowing users to sync their phone contacts, automatically populating their friends list with anyone in their address book already using the platform. Venmo says this functionality was deprecated more than two years ago. Today, contact syncing no longer creates connections by default. To add someone as a friend, users have to search for them, send a request, and have it accepted.
Nevertheless, according to Venmo’s privacy policy, unless users proactively change their privacy settings, their network remains visible to anyone. That means that even when a user sets their account to private, their friends list remains visible unless they take an additional step. As of publication, hiding your connections requires navigating to Settings > Privacy > Friends List and selecting Private.
Stephen Lurie contributed reporting.
