Secret Service’s Deficient Mobile Device Management Increased the Risk to Protectees and Sensitive Information

Title Full

Date Issued

Tuesday, June 23, 2026

Submitting OIG

Department of Homeland Security OIG

Agencies Reviewed/Investigated

Department of Homeland Security

Report Number

OIG-26-09

Report Description

The United States Secret Service (Secret Service) did not effectively secure and manage mobile devices, including during protective operations. As a result, adversaries could have intercepted and exploited Secret Service information, placing at risk our Nation’s leaders, other protectees, and employees — especially when unsecured devices were used overseas.

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

External Entity

https://srvdc01c01-ptsp.dhs-oig.gov/iq/Library_View_Read_Only_Letter.aspx?letter=365998

External Link

https://srvdc01c01-ptsp.dhs-oig.gov/iq/Library_View_Read_Only_Letter.aspx?lette…

Open Recommendations

This report has 4 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
1	No	$0	$0
We recommend the Secret Service Office of the Chief Information Officer develop and implement a formal policy and process for routinely identifying, evaluating, and implementing mobile device capabilities to ensure all mission functions — foreign and domestic — can be conducted effectively and securely.
2	No	$0	$0
We recommend the Secret Service Office of the Chief Information Officer ensure employees complete cybersecurity awareness training, as required, and training features clear guidance on the proper use of mobile devices in operational settings domestically and overseas.
3	No	$0	$0
We recommend the Secret Service Office of the Chief Information Officer enact an outreach strategy to communicate to employees that the use of personal devices is not allowed for official business. In addition, develop and implement guidance outlining steps employees must take to safeguard communications if they need to rely on a personal device (such as during an emergency) and to ensure such usage is reported and information is properly retained as an official record.
5	No	$0	$0
We recommend the Secret Service Office of the Chief Information Officer update its vulnerability testing policy to incorporate the National Institute of Standards and Technology’s process for testing mobile app code.