Pentagon IG Finds Hegseth Risked Operational Security by Using Signal for Yemen Strike Plans

the U.S. Department of Defense (DoD)’s inspector general (IG) publicly released a report concluding that Pete Hegseth, U.S. Secretary of Defense, risked jeopardizing a strike mission against Houthi rebels in Yemen by sending sensitive operational information over the commercial messaging app Signal on his personal cell phone.

The report said Hegseth transmitted details — including the number of aircraft involved and precise strike-times for manned U.S. aircraft — roughly two to four hours before the strikes commenced, raising the risk that adversaries could intercept the information and compromise the operation.

Background: Why It Matters

The disclosure sparked widespread concern because strike details — especially timing and aircraft numbers — are typically treated as classified. In this case, the original information came from a classified email sent by the commander of U.S. Central Command (CENTCOM), marked “SECRET/NOFORN.”

Under DoD rules, operational communications must occur over approved secure channels; transmitting such information over unapproved, commercially available apps like Signal, especially on personal devices, violates protocol — even if the person sending them has declassification authority.

This incident drew renewed attention to broader concerns about the use of personal devices and nonstandard communication apps within the Pentagon — a matter of operational security, record-keeping compliance, and accountability.

What the Report Found — Details of the Lapse

Use of Signal Before the Strike

• On March 15, Hegseth used Signal to send a “Houthi PC Small Group” chat containing details about the upcoming strike — including launch times for F-18 Hornet jets, planned waves of drone and Tomahawk strikes, and approximate weapon release times.
• The chat participants included senior Trump-administration figures such as then–national security adviser Mike Waltz and Vice President JD Vance, and — by mistake — a journalist from The Atlantic, namely Jeffrey Goldberg, who later published the controversy.
• Hegseth reportedly created another Signal chat involving family and close contacts, where he shared similar strike-related information.

Classification vs. Security Protocols

• Although Hegseth, in his written response to the investigation, said that he judged the information he shared to be “not classified” or “safely declassified,” the IG noted that the original data derived from emails that were classified “SECRET/NOFORN.”
• The IG determined that, regardless of declassification authority, transmitting sensitive operational data via an unapproved messaging app on a personal device violated DoD policy.

Risks to Operational Security

• The report warns that sharing such details so close to execution — two to four hours before strike — could have allowed enemy forces to anticipate and counter U.S. movements, potentially endangering pilots, delaying or foiling the mission, or compromising classified tactics and procedures.
• The IG expressed concern about a broader pattern within the DoD: multiple instances of using personal devices or unapproved applications for official business — especially in circumstances such as remote work or when secure communications were considered “impractical.”

Reactions and Institutional Response

Some lawmakers issued sharp criticisms. For instance, Senator Jack Reed (D-RI) said Hegseth’s conduct violated military regulations and disregarded servicemembers’ safety.

Conversely, the Republican chairman of the Senate Armed Services Committee, Roger Wicker (R-MS), argued that Hegseth acted within his declassification authority — and suggested that the findings reveal a need for improved tools to enable real-time secure communication by senior national-security officials.

Hegseth’s legal adviser, Timothy Parlatore, echoed the defense, saying the texts contained “no classified material” and that Hegseth had the explicit authority to declassify as he saw fit.

The report also recommends better training across the DoD about handling sensitive information and stricter adherence to approved communication methods.

Policy & Strategy Implications

This incident underscores the tension between operational flexibility at senior policy levels and strict adherence to security protocols. While top leaders may possess declassification authority, doing so outside established classification and recordkeeping procedures — especially using personal devices and public apps — can undermine security and accountability.

It also raises broader questions about whether current DoD infrastructure sufficiently supports secure, real-time communication for high-level officials, particularly in fast-moving conflict zones or dynamic geopolitical environments.

What’s Next

The release of the IG report could renew calls in Congress for formal disciplinary action or stricter oversight mechanisms, especially if additional similar instances come to light.

Meanwhile, the DoD may reevaluate its communication policies, potentially limiting the use of personal devices or unapproved apps even for high-level declassification decisions, or expanding secure communication tools for senior officials.

Finally, adversaries may be incentivized to exploit future lapses if confident that real-time operational details could — again — be shared in insecure ways.