Watchdog: Secret Service mobile-phone lapses raised risk to protectees—what the new OIG report says and what comes next

Watchdog flags Secret Service mobile phone lapses that put protectees at risk

A new Department of Homeland Security inspector general report, issued June 23, 2026, concludes the U.S. Secret Service failed to effectively secure and manage mobile devices used during protective operations, creating exploitable openings for adversaries and increasing risk to national leaders. The report—OIG‑26‑09—finds that weaknesses spanned policy, tooling, and day‑to‑day practice. The Secret Service concurred with all recommendations. (oversight.gov )

What the report found

• Routine use of personal phones for official business: Investigators documented widespread reliance on employees’ personal devices during both domestic and foreign protective assignments because government‑issued phones lacked critical capabilities or suffered reliability problems. Analysis identified more than 15,000 instances of calls between employees’ personal lines during protective events and about 24,000 texts between personal and government devices. (nextgov.com )
• Gaps in threat protection software: Devices used overseas lacked required mobile threat defense tooling; the agency did not begin deploying such software until August 2025 despite DHS policy calling for it on devices outside the United States. (nextgov.com )
• Reliability and interoperability issues: Agents reported frequent VPN disconnects (about 12% of mobile help desk tickets) and the absence of commonly used messaging apps needed to coordinate with foreign police and other partners—driving personnel to unofficial channels. (nextgov.com )
• Post‑travel data hygiene shortfalls: Phones used on international trips often were not wiped within the 24‑hour window required by policy; some users reported years of travel with only intermittent or no device wipes. (nextgov.com )

The watchdog tied its deeper look at mobile security to broader Secret Service reviews after the July 13, 2024 attempted assassination of former President Donald Trump in Butler, Pennsylvania; investigators cited specific moments in which personnel leaned on personal devices to exchange critical images during that incident. (nextgov.com )

Why it matters now

High‑end mobile espionage is persistent and increasingly “zero‑click,” making unmanaged or under‑protected devices a direct path to sensitive operational data, location, and contacts. Recent advisories have highlighted campaigns using sophisticated spyware against officials’ smartphones, and CISA has urged “highly targeted” government users to harden devices—including enabling iOS Lockdown Mode and using end‑to‑end encrypted apps—because mobile communications can be intercepted or manipulated. (techradar.com )

The stakes are not theoretical for the Secret Service. In September 2025, the agency said it dismantled a rogue cellular device network in the New York region that could have enabled telecommunications attacks—a reminder that mobile infrastructure itself can be weaponized against protectees. (washingtonpost.com )

The five fixes—and the agency’s response

The inspector general issued five recommendations, including: formally aligning device capabilities with mission needs; strengthening cybersecurity training and compliance; making clear that personal devices are prohibited for official work; updating app vetting policies; and deploying required mobile threat defense for travel. The Secret Service concurred with all five. (nextgov.com )

A DHS‑wide pattern of mobile gaps

The Secret Service findings echo a drumbeat of DHS oversight on mobile security across components:

• DHS Office of Intelligence and Analysis: In April 2026, OIG reported deficiencies in device management and app risks across I&A’s fleet, including noncompliance with required security settings and vulnerabilities in custom apps. (oversight.gov )
• U.S. Customs and Border Protection: A September 2025 audit cited insufficient MDM usage, security setting gaps, and weak overseas protections. (oversight.gov )
• Immigration and Customs Enforcement: A September 2024 report found ICE had not consistently implemented required mobile security settings or app controls. (oversight.gov )

Procurement and modernization context

DHS is simultaneously refreshing how it provisions and manages mobility at scale. On June 25, 2026, DHS awarded a potential 10‑year, $3 billion recompete for enterprise mobility managed services—covering roughly 150,000 wireless connections across the department, with carrier support spanning AT&T, Verizon, T‑Mobile, and FirstNet. Strong inventory control, expense management, and standardized tooling from this contract vehicle could help components, including the Secret Service, close the gaps spotlighted by recent audits. (washingtontechnology.com )

Best practices the Secret Service will need to embrace

While the OIG’s recommendations focus on immediate risks, longer‑term resilience depends on aligning with federal mobile security doctrine and travel guidance:

• Enforce an enterprise mobile security lifecycle: NIST SP 800‑124 Rev. 2 outlines governance, provisioning, configuration baselines, continuous monitoring, and decommissioning for smartphones and tablets—supported by MDM/EMM and mobile threat defense. (csrc.nist.gov )
• Minimize attack surface, especially OCONUS: NSA and DHS travel guidance recommends “loaner” devices for high‑threat environments, strict configuration, and post‑trip sanitization/wipe. (nsa.gov )
• Prefer secure channels by default: CISA’s iPhone‑focused Mobile Communications Best Practice guidance and December 2024 advisories urge enabling Lockdown Mode for high‑risk users, using end‑to‑end encrypted apps, and avoiding SMS for sensitive exchanges. (cisa.gov )
• Close policy and records gaps: BYOD allowances complicate security and preservation duties; agencies should restrict official business to managed devices and ensure retention compliance—an area where Secret Service mobile handling has drawn scrutiny in past oversight. (nist.gov )

The bottom line

The inspector general’s June 23, 2026 report is a clear signal: mission tempo and global coordination demands cannot justify unmanaged communications. The agency must deliver government‑grade capability on government‑issued phones, backed by the right tools and training, so agents aren’t pushed to personal devices that undermine security and records obligations. With DHS‑wide mobility contracts and well‑established federal playbooks, the fixes are less about invention than implementation—and accountability. Expect congressional and public scrutiny to track the Secret Service’s progress on the five recommendations in the months ahead. (oversight.gov )