US Secretary of Defense Pete Hegseth speaks during a joint news conference with Japan's Defense Minister Gen Nakatani at the Ministry of Defense in Tokyo on March 30, 2025. Photo: VCG

Several US media outlets have raised renewed concerns over digital security lapses within the US government, highlighting a second alleged leak by Defense Secretary Pete Hegseth, who reportedly shared details of planned airstrikes in Yemen via a private Signal chat group. 

Some Chinese analysts said that while frequently pointing fingers at the so-called external "threats," the US has, in fact, neglected its own data security governance.

According to the New York Times, Hegseth shared detailed information about forthcoming strikes in Yemen on March 15 in a private Signal group chat that included his wife, brother and personal lawyer, according to four people with knowledge of the chat. 

Some of those people said that the information Hegseth shared on the Signal chat included the flight schedules for the F/A-18 Hornets targeting the Houthis in Yemen, essentially the same attack plans that he shared on a separate Signal chat the same day that mistakenly included the editor of The Atlantic, the New York Times said.

The Atlantic's editor-in-chief Jeffrey Goldberg said in a report on March 24 that he was unexpectedly invited on March 13 to an encrypted chat group on the Signal messaging app called the "Houthi PC small group." In the group, national security adviser Mike Waltz tasked his deputy Alex Wong with setting up a "tiger team" to coordinate US action against the Houthis. US President Donald Trump launched an ongoing campaign of large-scale military strikes against Yemen's Houthis on March 15. Hours before those attacks started, Hegseth posted operational details about the plan in the messaging group, according to Reuters. 

Unlike the chat in which The Atlantic was mistakenly included, the newly revealed one was created by Hegseth. He used his private phone, rather than his government one, to access the Signal chat, according to New York Times. 

The latest developments have reignited concerns over digital security lapses within the US government and exposed what critics call a deeply unprofessional approach to national security, said Zhu Ying, a professor at the Baize Institute, Southwest University of Political Science and Law.

Moreover, such lapses may also raise doubts about Washington's reliability and fuel growing mistrust within the US and among its allies, said the expert. 

Democratic politicians have repeatedly called for Hegseth to step down. 

On Monday, Senate Democratic Leader Chuck Schumer posted on X that "The details keep coming out. We keep learning how Pete Hegseth put lives at risk."

But responding to the latest chat group, White House deputy press secretary Anna Kelly said that "No matter how many times the legacy media tries to resurrect the same non-story, they can't change the fact that no classified information was shared," according to Newsweek.

What seem like isolated leaks often expose deeper problems in enforcing confidentiality and securing sensitive information, Yang Xiyu, a senior research fellow at the China Institute of International Studies, told the Global Times, adding that past administrations have seen similar lapses. 

Aside from the second Signal chat group, The Washington Post reported on Sunday that government officials under both Joe Biden and Donald Trump improperly shared sensitive documents with thousands of federal workers, including potentially classified floor plans of the White House.

Career employees at the General Services Administration, which provides administrative and technological support for much of the federal bureaucracy and manages the government's real estate portfolio, were responsible for the oversharing, which spurred a cybersecurity incident report and investigation last week. The records show that the employees inadvertently shared a Google Drive folder containing the sensitive documents with the entire GSA staff, which totals more than 11,200 people, according to the agency's online directory, according to the Washington Post.

The information shared also included the details of a proposed blast door for the White House visitor center, the records show, as well as bank account information for a vendor who assisted with a Trump administration news conference, according to The Washington Post. 

While claiming to counter external threats, the US has neglected its own data security governance. This weakens both its credibility and public trust, said Yang.