News
Pentagon watchdog finds Hegseth risked the safety of U.S. forces with use of Signal
Secretary of Defense Pete Hegseth listens as President Donald Trump speaks during a Cabinet Meeting at the White House on Dec. 2.
Andrew Caballero-Reynolds/AFP via Getty Images
hide caption
toggle caption
Andrew Caballero-Reynolds/AFP via Getty Images
A Pentagon watchdog has determined that Defense Secretary Pete Hegseth risked the safety of U.S. servicemembers by sharing sensitive military information on the Signal messaging app, according to a source who has reviewed the forthcoming inspector general report.
The report, which is expected to be released as early as Thursday, was launched after a journalist for The Atlantic revealed in March that he had been added to a chat on the encrypted messaging app in which Hegseth and other top officials were discussing plans for U.S. airstrikes against Houthi rebels in Yemen.
A summary of the report provided to NPR finds that had a foreign adversary intercepted the intelligence discussed in the chat, it would have endangered both U.S. servicemembers and the mission at large.
The investigation was conducted by Pentagon Inspector General Steven Stebbins. His findings were shared with NPR by a source who has seen the document but was not authorized to discuss it publicly.
The report concludes that Hegseth, who sent the information about targets, timing and aircraft to two Signal groups, including his wife and brother, violated Pentagon policies about using personal phones for official business. Hegseth would not sit for an interview with investigators, the report said, and would only provide a written response.
In his response, Hegseth stated that he was able to declassify information; the inspector general did not determine whether Hegseth had declassified information in the chat by the time it was shared, but acknowledged that, as secretary of defense, he had the authority to do so.
Hegseth also told the inspector general that he believed the investigation was political and that he lacked faith in Stebbins, according to the source.
In a statement, chief Pentagon spokesman Sean Parnell said the findings absolved Hegseth of any wrongdoing.
“The Inspector General review is a TOTAL exoneration of Secretary Hegseth and proves what we knew all along — no classified information was shared. This matter is resolved, and the case is closed,” Parnell said.
In a separate statement, White House press secretary Karoline Leavitt defended President Trump’s national security team and its handling of sensitive information.
“This review affirms what the Administration has said from the beginning — no classified information was leaked, and operational security was not compromised,” Leavitt said.
The report is the product of months of investigation. The probe was launched in April in response to a request from the top Republican on the Senate Armed Services Committee, Roger Wicker of Mississippi, and Jack Reed, the panel’s top Democrat.
Over the course of the investigation, the report states, Hegseth only provided a few of his Signal messages to the inspector general. As a result, Stebbins was forced to rely mostly on screenshots of the chat from the Atlantic, according to the source.
One member of the Armed Services committee, Arizona Democrat Mark Kelly, responded to the report by saying “it’s pretty clear he shouldn’t have been using his cell phone and an unsecure app, unofficial app with regards to DOD, to be sharing that kind of information.”
“It’s not too hard to see how our adversaries can get that information and pass it on, to the Houthies in this case, and put those lives at risk,” Kelly said.
The report’s expected release comes as Hegseth faces pressure to answer for the administration’s controversial campaign to strike boats in the Caribbean Sea that are allegedly carrying drugs to the U.S. from South America. One of those strikes has forced the administration to answer questions about whether the U.S. fired on the survivors of a bombing on Sept. 2, a move that military experts say could constitute a war crime if the administration’s claim to be at war with narco traffickers is to be accepted.
Hegseth’s leadership at the Pentagon has been dogged by controversy. Critics have highlighted that the Army National Guard combat veteran and former Fox News host lacks the same level of experience as his predecessors at DOD.
In his Senate confirmation hearing, the social conservative told lawmakers that “lethality, meritocracy, warfighting, accountability and readiness” were his top priorities for the role. Since being sworn in, he’s overseen the agency through drastic changes, firing several top officials, placing restrictions on troops and veterans that are transgender and rebranding the agency as the Department of War.
The White House reiterated continued confidence in Hegseth on Wednesday, with Leavitt saying in a statement that, “President Trump stands by Secretary Hegseth.”
NPR disclosure: Katherine Maher, the CEO of NPR, chairs the board of the Signal Foundation.
Gabriel Sanchez contributed reporting.
The maker of Canvas, the software used by thousands of schools and universities around the world, said on Monday that it had reached a deal with the hackers that recently breached its systems for the return of stolen data and the destruction of any copies.
ShinyHunters, a hacking group, had claimed responsibility for the attack on Instructure, the Salt Lake City-based company that provides Canvas to about half of all colleges and universities in North America.
The hackers said they had accessed the data of more than 275 million users at nearly 9,000 schools worldwide, including private conversations between students and teachers as well as personal identifying information such as names and email addresses. Canvas was shut down for hours after the cyberattack on Thursday.
The agreement, Instructure said in a statement, involved the return of the stolen data and confirmation that the data had been destroyed at the hackers’ end. Instructure added that it had been informed that none of its customers would face extortion as a result of the theft.
“While there is never complete certainty when dealing with cybercriminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” the company said.
Instructure did not say what it had given the hackers in exchange for the return of the data. The company did not immediately respond to questions about the deal.
Canvas has more than 30 million active users around the world, according to Instructure. The platform is used by teachers and students for coursework management and communications. Instructure said the data compromised in the hack included usernames, email addresses, course names, enrollment information and messages.
ShinyHunters on Thursday claimed the attack in a message that appeared on students’ Canvas pages and was obtained by The New York Times. The group warned that it would leak an unspecified amount of data on May 12 if it did not receive a response from Instructure. In its May 3 ransom note, the group had threatened to leak “several billions of private messages among students and teachers.”
Not much is known about ShinyHunters, which is believed to have been formed around 2020. Its goal appears to be to obtain personal records and sell them. One of its high-profile attacks was against Ticketmaster in 2024, when the hackers said they had stolen the user information of more than 500 million customers.
Instructure said it first detected unauthorized activity in Canvas on Apr. 29, and again on May 7. The company said it took Canvas offline to investigate the breach, and also informed the F.B.I., the U.S. Cybersecurity and Infrastructure Security Agency and other international law enforcement partners.
Instructure did not immediately respond to questions about whether any law enforcement agencies were involved in its dealings with the hackers. The F.B.I. advises against paying ransom to hackers, saying it does not guarantee data security and encourages attackers to target more victims.
The National Quarantine Center is located at the University of Nebraska Medical Center in Omaha.
Nebraska Medicine
hide caption
toggle caption
Nebraska Medicine
Sixteen of the 18 passengers transferred to the U.S. from a cruise ship where there was an outbreak of hantavirus arrived in Omaha, Neb., on Monday for evaluation after disembarking the vessel in Spain’s Canary Islands over the weekend.
Of the 15 U.S. citizens and one dual U.S.-British citizen who arrived in Nebraska, all but one are currently being housed in the National Quarantine Unit. That patient tested positive for the virus and was being housed in the Nebraska Biocontainment Unit, officials said at a Monday news conference. The 15 people in the quarantine unit will continue to be monitored for signs of the illness.
Passengers carry their belongings in plastic bags after being evacuated from the MV Hondius after docking in the Granadilla Port on Sunday in Tenerife, part of the Canary Islands, Spain.
Chris McGrath/Getty Images
hide caption
toggle caption
Chris McGrath/Getty Images
Nebraska may seem an unlikely location to process these individuals, but it is home to the National Quarantine Unit — the only federally funded quarantine unit in the U.S. — and the separate Nebraska Biocontainment Unit. They are highly specialized facilities located at the University of Nebraska Medical Center (UNMC) and widely considered among the best in the world.
The $1 million, five-room biocontainment unit was dedicated in 2005. It was a joint project with Nebraska Health and Human Services and the UNMC. It is set up to safely provide medical care for patients with highly hazardous and infectious diseases and was used in 2014 to treat two doctors infected with Ebola. The National Quarantine Unit was completed in late 2019. It cost nearly $20 million, according to the Associated Press. Both facilities were used during the COVID-19 epidemic.
“We are prepared for situations exactly like this,” Dr. Michael Ash, CEO of Nebraska Medicine, said in a statement. “Our teams have trained for decades alongside federal and state partners to make sure we can safely provide care while protecting our staff and the broader community. We are proud to support this national effort.”
Two additional U.S. passengers on the cruise ship — a couple, with one showing symptoms of hantavirus — were transferred for monitoring to Emory University Hospital, where another advanced biocontainment facility is located.
When the biocontainment unit was first dedicated more than 20 years ago, the biggest concerns were anthrax attacks and severe acute respiratory syndrome, more commonly known as SARS, Dr. Phil Smith, who spearheaded the efforts at Nebraska Medical Center to create the biocontainment unit, told the AP in 2020. Smith died last year.
A hallway leading to rooms at the Nebraska Biocontainment Unit at the University of Nebraska Medical Center.
Nebraska Medicine
hide caption
toggle caption
Nebraska Medicine
The quarantine unit features 20 negative-pressure rooms designed to keep potentially harmful particles from escaping by maintaining lower air pressure inside than outside the rooms. The single-occupancy rooms provide patients with attached bathrooms, exercise equipment and Wi-Fi, according to the medical center.
“We have protocols in the quarantine unit that provide for safe care of these of these persons, including just all the activities of daily living so that they can … have a comfortable stay but also have it in an area that’s protected and limits spread of the pathogen,” Dr. Michael Wadman, the medical director of the National Quarantine Unit, said at a Friday news conference.
The biocontainment unit, by contrast, is a patient-care space where people are able to receive medical treatment, Dr. Angela Hewlett, medical director of the biocontainment unit, told reporters Monday.
She emphasized that the facility — which has a 10-bed capacity — operates independently from the quarantine unit and has its own dedicated air-handling system. “We don’t share [it] with any of the rest of the facility,” she said, noting that the unit uses rooftop HEPA filtration and is designed “very differently” from what most people typically imagine in a hospital setting.
One of the rooms in the Nebraska Biocontainment Unit.
Nebraska Medicine
hide caption
toggle caption
Nebraska Medicine
Nebraska Gov. Jim Pillen, speaking at Monday’s news conference, welcomed the recently arrived patients, who are among nearly 150 people from 23 different countries who were aboard the MV Hondius when the illness most commonly transmitted to humans through contact with infected rodents broke out. As of Monday, the World Health Organization has reported at least nine cases of hantavirus, including three deaths.
“We’re glad that you’re here,” Pillen said. “We’re going to ensure that you have the best world-class care possible.”
Pillen also sought to reassure Nebraskans that the facilities are safe and secure: “We’re working diligently to ensure no one leaves the security in an unsecured way at an inappropriate time,” he said. “No one poses a risk to public health, just walking out the front door of the streets of Omaha.”
The hantavirus outbreak on the cruise ship has been identified as the Andes strain of the illness, one that can be spread, though rarely, from person-to-person, according to the Centers for Disease Control and Prevention. It can cause severe respiratory disease, with early flu-like symptoms.
“The Andes variant of this virus does not spread easily, and it requires prolonged, close contact with someone who is already symptomatic,” according to Adm. Brian Christine, the assistant secretary for health at the U.S. Department of Health and Human Services, who spoke at Monday’s news conference. “Even so, we have taken this situation very seriously from the very start.”
“The risk of hantavirus to the general public remains very, very low,” he said.
The full quarantine period for hantavirus is 42 days, Christine said, but he added that the patients would be allowed to go home if they remained asymptomatic.
“Right now, the passengers that are all in the assessment phase — they’re going to be here for at least a few days while we do assessments and the coordination on what happens next,” he said, adding that they had the option to remain in the quarantine facility for the full period, for “the safest and most effective option for them.”
new video loaded: Americans Exposed to Hantavirus on Cruise Ship Arrive in United States
transcript
transcript
Americans Exposed to Hantavirus on Cruise Ship Arrive in United States
Eighteen passengers who were aboard the MV Hondius, a cruise ship with a deadly hantavirus outbreak, landed in Omaha on a U.S. government medical flight. The passengers were being monitored at medical facilities in Nebraska and Georgia.
-
We’re working diligently to ensure no one leaves the security in an unsecured way at an inappropriate time. No one who poses a risk to public health is walking out the front door of the streets of Omaha or beyond.
By Axel Boada
May 11, 2026
-
Delaware7 seconds agoVisiting Delaware beaches this summer? What’s different in 2026
-
Florida6 minutes agoMan punches trooper during I-95 traffic stop in Brevard County, Florida Highway Patrol says
-
Georgia12 minutes agoGeorgia gubernatorial candidate echoes MS’s late-Gov. Kirk Fordice
-
Hawaii18 minutes agoFlorida woman dies in possible drowning in South Kona – West Hawaii Today
-
Idaho24 minutes agoPart of I84 Will Close This Week in Southern Idaho For Bridge and Ramp Work
-
Illinois30 minutes agoCapitol News Illinois | Judge delays decision on special prosecutor for ‘Operation Midway Blitz’
-
Indiana36 minutes agoHighlights of what President Trump said about Indiana football during White House visit
-
Iowa42 minutes agoKim Reynolds signs ‘Ember’s law’ increasing animal torture penalties