News
Federal judge declines to order Trump officials to recover deleted Signal messages
Secretary of Defense Pete Hegseth looks on during a cabinet meeting with President Trump in the Cabinet Room of the White House on April 10.
Brendan Smialowski/AFP via Getty Images
hide caption
toggle caption
Brendan Smialowski/AFP via Getty Images
A federal judge in Washington, D.C., has issued a preliminary injunction ordering top national security officials who discussed military operations on the encrypted messaging service Signal to notify the acting archivist of the United States of any messages they have that may be at risk of being deleted. But in calling for those records to be preserved, the ruling stopped short of ordering the government to recover past messages that may already have been lost.
American Oversight, a nonprofit government watchdog, brought the lawsuit after the journalist Jeffrey Goldberg was mistakenly added to a group chat on Signal in which Trump administration officials discussed a planned U.S. military attack against Houthi rebels in Yemen. American Oversight says the officials violated federal records law with their use of Signal, a commercial messaging app that allows messages to be automatically deleted.
In his ruling Friday, U.S. judge James Boasberg said American Oversight had failed to show that the recordkeeping programs of the agencies involved in the case are “inadequate,” or that “this court can provide redress for already-deleted messages,” as the group had requested.
“Plaintiff has provided no reason to believe that ordering the Attorney General to use her “coercive power” to “shak[e] the tree harder” … would bear any fruit with respect to already-deleted messages,” Boasberg wrote. “The Court therefore cannot conclude that American Oversight’s request for communications that have already fallen victim to Signal’s auto-delete function remains redressable given Plaintiff’s own representations to the contrary.”
But the judge granted the group a partial victory when it comes to messages that have not been erased.
“Because the looming erasure of automatically deleting Signal messages qualifies as such an imminent destruction of records, and because the Attorney General could prevent that destruction by instructing Government officials to halt the messages’ deletion, it remains possible for the Court to provide relief,” he wrote.
“We expect immediate compliance — and if they drag their feet or fail to act, we are fully prepared to pursue further legal action to ensure government records, which belong to the public, are preserved and protected,” said Chioma Chukwu, executive director of American Oversight in a statement.
Questions about potentially classified information
Goldberg’s reporting about the chat shocked military and intelligence experts and became the focus of a review by the Pentagon’s acting inspector general. Lawmakers on the Senate Armed Services Committee have also raised concerns about whether top national security officials shared classified information in the chat.
In his reporting, Goldberg detailed key exchanges from the Signal chat, including messages in which Defense Secretary Pete Hegseth shared information about targets, weapons and attack sequencing just ahead of the airstrikes.
Hegseth has adamantly denied that any classified war plans were discussed in the Signal chat. The White House has also denied that any classified plans were shared, and said in March that its review of the incident had concluded.
“This case has been closed here at the White House as far as we are concerned,” White House press secretary Karoline Leavitt told reporters. “There have been steps made to ensure that something like that can obviously never happen again, and we’re moving forward,” she said.
Controversy surrounding the use of Signal by administration officials dogged the White House a month later when the New York Times reported that Hegseth shared details of the attack on a second Signal chat that included his wife and brother.
“It is now clear that the use of Signal to conduct official government business by administration officials is widespread: senior administration officials used, and likely continue to use, a commercially available text message application with an auto-delete function and no apparent mechanism to fully preserve federal records on government recordkeeping systems,” the watchdog group wrote in an amended complaint filed in late April.
Hegseth is named as a defendant in the American Oversight suit, alongside Director of National Intelligence Tulsi Gabbard, CIA Director John Ratcliffe, Treasury Secretary Scott Bessent and Secretary of State Marco Rubio.
What the plaintiffs allege
The plaintiffs allege that officials violated the Federal Records Act by discussing “official government actions” on the messaging platform, which is not an authorized system for keeping federal records, according to their complaint. The 1950 law outlines the legal framework by which federal records are meant to be preserved.
American Oversight has also argued that administration officials failed to preserve their messages, noting that multiple individuals who participated in the group chat had the auto-delete setting turned on.
In an initial ruling in March, Boasberg ordered administration officials to preserve any records from the chat dated March 11 to March 15.
The defendants told the court they had taken steps to comply with the order and preserve records, but American Oversight said in subsequent filings that they had “serious questions” about what exactly the government had saved. They said declarations by defendants submitted to the court lacked key specifics, and that “no Defendant” had attested to saving the chat “in its entirety.”
In the case of Ratcliffe, the group alleged that the CIA director failed to comply with the court’s order. “Because of this failure, Signal communications may have been lost,” they said. The defendants denounced the allegation saying it sought to “stir public controversy without basis in fact or law,” and that Ratcliffe had complied with the court’s order.
In his opinion issued Friday, Boasberg appeared to cast doubt on American Oversight’s argument, writing that the defendants, “did not appear to have any difficulty in following their respective agencies’ policies to preserve the messages that had not yet been deleted.”
“For these reasons, Plaintiff’s claim that the agencies’ formal recordkeeping programs violate the FRA is unlikely to succeed,” he wrote.
NPR disclosure: Katherine Maher, the CEO of NPR, chairs the board of the Signal Foundation.
The maker of Canvas, the software used by thousands of schools and universities around the world, said on Monday that it had reached a deal with the hackers that recently breached its systems for the return of stolen data and the destruction of any copies.
ShinyHunters, a hacking group, had claimed responsibility for the attack on Instructure, the Salt Lake City-based company that provides Canvas to about half of all colleges and universities in North America.
The hackers said they had accessed the data of more than 275 million users at nearly 9,000 schools worldwide, including private conversations between students and teachers as well as personal identifying information such as names and email addresses. Canvas was shut down for hours after the cyberattack on Thursday.
The agreement, Instructure said in a statement, involved the return of the stolen data and confirmation that the data had been destroyed at the hackers’ end. Instructure added that it had been informed that none of its customers would face extortion as a result of the theft.
“While there is never complete certainty when dealing with cybercriminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” the company said.
Instructure did not say what it had given the hackers in exchange for the return of the data. The company did not immediately respond to questions about the deal.
Canvas has more than 30 million active users around the world, according to Instructure. The platform is used by teachers and students for coursework management and communications. Instructure said the data compromised in the hack included usernames, email addresses, course names, enrollment information and messages.
ShinyHunters on Thursday claimed the attack in a message that appeared on students’ Canvas pages and was obtained by The New York Times. The group warned that it would leak an unspecified amount of data on May 12 if it did not receive a response from Instructure. In its May 3 ransom note, the group had threatened to leak “several billions of private messages among students and teachers.”
Not much is known about ShinyHunters, which is believed to have been formed around 2020. Its goal appears to be to obtain personal records and sell them. One of its high-profile attacks was against Ticketmaster in 2024, when the hackers said they had stolen the user information of more than 500 million customers.
Instructure said it first detected unauthorized activity in Canvas on Apr. 29, and again on May 7. The company said it took Canvas offline to investigate the breach, and also informed the F.B.I., the U.S. Cybersecurity and Infrastructure Security Agency and other international law enforcement partners.
Instructure did not immediately respond to questions about whether any law enforcement agencies were involved in its dealings with the hackers. The F.B.I. advises against paying ransom to hackers, saying it does not guarantee data security and encourages attackers to target more victims.
The National Quarantine Center is located at the University of Nebraska Medical Center in Omaha.
Nebraska Medicine
hide caption
toggle caption
Nebraska Medicine
Sixteen of the 18 passengers transferred to the U.S. from a cruise ship where there was an outbreak of hantavirus arrived in Omaha, Neb., on Monday for evaluation after disembarking the vessel in Spain’s Canary Islands over the weekend.
Of the 15 U.S. citizens and one dual U.S.-British citizen who arrived in Nebraska, all but one are currently being housed in the National Quarantine Unit. That patient tested positive for the virus and was being housed in the Nebraska Biocontainment Unit, officials said at a Monday news conference. The 15 people in the quarantine unit will continue to be monitored for signs of the illness.
Passengers carry their belongings in plastic bags after being evacuated from the MV Hondius after docking in the Granadilla Port on Sunday in Tenerife, part of the Canary Islands, Spain.
Chris McGrath/Getty Images
hide caption
toggle caption
Chris McGrath/Getty Images
Nebraska may seem an unlikely location to process these individuals, but it is home to the National Quarantine Unit — the only federally funded quarantine unit in the U.S. — and the separate Nebraska Biocontainment Unit. They are highly specialized facilities located at the University of Nebraska Medical Center (UNMC) and widely considered among the best in the world.
The $1 million, five-room biocontainment unit was dedicated in 2005. It was a joint project with Nebraska Health and Human Services and the UNMC. It is set up to safely provide medical care for patients with highly hazardous and infectious diseases and was used in 2014 to treat two doctors infected with Ebola. The National Quarantine Unit was completed in late 2019. It cost nearly $20 million, according to the Associated Press. Both facilities were used during the COVID-19 epidemic.
“We are prepared for situations exactly like this,” Dr. Michael Ash, CEO of Nebraska Medicine, said in a statement. “Our teams have trained for decades alongside federal and state partners to make sure we can safely provide care while protecting our staff and the broader community. We are proud to support this national effort.”
Two additional U.S. passengers on the cruise ship — a couple, with one showing symptoms of hantavirus — were transferred for monitoring to Emory University Hospital, where another advanced biocontainment facility is located.
When the biocontainment unit was first dedicated more than 20 years ago, the biggest concerns were anthrax attacks and severe acute respiratory syndrome, more commonly known as SARS, Dr. Phil Smith, who spearheaded the efforts at Nebraska Medical Center to create the biocontainment unit, told the AP in 2020. Smith died last year.
A hallway leading to rooms at the Nebraska Biocontainment Unit at the University of Nebraska Medical Center.
Nebraska Medicine
hide caption
toggle caption
Nebraska Medicine
The quarantine unit features 20 negative-pressure rooms designed to keep potentially harmful particles from escaping by maintaining lower air pressure inside than outside the rooms. The single-occupancy rooms provide patients with attached bathrooms, exercise equipment and Wi-Fi, according to the medical center.
“We have protocols in the quarantine unit that provide for safe care of these of these persons, including just all the activities of daily living so that they can … have a comfortable stay but also have it in an area that’s protected and limits spread of the pathogen,” Dr. Michael Wadman, the medical director of the National Quarantine Unit, said at a Friday news conference.
The biocontainment unit, by contrast, is a patient-care space where people are able to receive medical treatment, Dr. Angela Hewlett, medical director of the biocontainment unit, told reporters Monday.
She emphasized that the facility — which has a 10-bed capacity — operates independently from the quarantine unit and has its own dedicated air-handling system. “We don’t share [it] with any of the rest of the facility,” she said, noting that the unit uses rooftop HEPA filtration and is designed “very differently” from what most people typically imagine in a hospital setting.
One of the rooms in the Nebraska Biocontainment Unit.
Nebraska Medicine
hide caption
toggle caption
Nebraska Medicine
Nebraska Gov. Jim Pillen, speaking at Monday’s news conference, welcomed the recently arrived patients, who are among nearly 150 people from 23 different countries who were aboard the MV Hondius when the illness most commonly transmitted to humans through contact with infected rodents broke out. As of Monday, the World Health Organization has reported at least nine cases of hantavirus, including three deaths.
“We’re glad that you’re here,” Pillen said. “We’re going to ensure that you have the best world-class care possible.”
Pillen also sought to reassure Nebraskans that the facilities are safe and secure: “We’re working diligently to ensure no one leaves the security in an unsecured way at an inappropriate time,” he said. “No one poses a risk to public health, just walking out the front door of the streets of Omaha.”
The hantavirus outbreak on the cruise ship has been identified as the Andes strain of the illness, one that can be spread, though rarely, from person-to-person, according to the Centers for Disease Control and Prevention. It can cause severe respiratory disease, with early flu-like symptoms.
“The Andes variant of this virus does not spread easily, and it requires prolonged, close contact with someone who is already symptomatic,” according to Adm. Brian Christine, the assistant secretary for health at the U.S. Department of Health and Human Services, who spoke at Monday’s news conference. “Even so, we have taken this situation very seriously from the very start.”
“The risk of hantavirus to the general public remains very, very low,” he said.
The full quarantine period for hantavirus is 42 days, Christine said, but he added that the patients would be allowed to go home if they remained asymptomatic.
“Right now, the passengers that are all in the assessment phase — they’re going to be here for at least a few days while we do assessments and the coordination on what happens next,” he said, adding that they had the option to remain in the quarantine facility for the full period, for “the safest and most effective option for them.”
new video loaded: Americans Exposed to Hantavirus on Cruise Ship Arrive in United States
transcript
transcript
Americans Exposed to Hantavirus on Cruise Ship Arrive in United States
Eighteen passengers who were aboard the MV Hondius, a cruise ship with a deadly hantavirus outbreak, landed in Omaha on a U.S. government medical flight. The passengers were being monitored at medical facilities in Nebraska and Georgia.
-
We’re working diligently to ensure no one leaves the security in an unsecured way at an inappropriate time. No one who poses a risk to public health is walking out the front door of the streets of Omaha or beyond.
By Axel Boada
May 11, 2026
-
New York16 minutes agoDeadly Gang Feud Left Bystander Paralyzed in Brooklyn
-
Detroit, MI46 minutes agoDetroit leads northern border in drug seizures, federal report says
-
San Francisco, CA58 minutes agoCalifornia ‘Fans First’ bill aims to cap skyrocketing concert ticket prices
-
Dallas, TX1 hour agoRanking Every Cowboys Position Group By Overall Talent and Depth
-
Miami, FL1 hour agoSevere weather, flash flooding possible in South Florida on Tuesday
-
Boston, MA1 hour agoCanvas reportedly reaches deal with hackers for stolen data – Boston News, Weather, Sports | WHDH 7News
-
Denver, CO1 hour agoFormer Denver Bronco Craig Morton, who became the first quarterback to start Super Bowl for 2 franchises, dies at 83
-
Seattle, WA1 hour agoSeattle weather: 80s on the horizon before a long cooldown