Signalgate leaker Pete Hegseth just handed a multimillion-dollar contract to protect the Defense Department from hackers to a firm that allegedly couldn’t even protect its own employees from having their data stolen.
The Defense Secretary came under fire last year for disclosing sensitive details of U.S. military strikes to a journalist who’d been accidentally added to a group chat on Signal.
Hegseth used the messaging app, which is not approved for official government communications, with other top members of Donald Trump’s cabinet, including Vice President JD Vance, Secretary of State Marco Rubio, White House Chief of Staff Susie Wiles, Deputy Chief of Staff Stephen Miller, and CIA Director John Ratcliffe.
The Daily Beast can now reveal that after Hegseth’s jaw-dropping security blunder, his department has awarded almost $100 million in contracts for protecting IT systems at U.S. facilities across the world to a firm hit by a massive breach that saw criminals make off with sensitive personal data on at least 45,000 people. The new deal is to provide and maintain electronic systems to protect Navy bases from cyber attacks, as well as emergency systems to help manage physical threats against those facilities.
Virginia-based group M.C. Dean’s latest contract with the Pentagon landed on Feb. 26, two days before Donald Trump went to war with Iran. The Islamic regime is one of the most adversarial hacking forces on the planet, carrying out repeated attacks against U.S. military assets, industrial infrastructure, banks, and elections. Iran is presently bombing American targets around the Persian Gulf in retaliation for Trump’s strikes.
Criminals first got into M.C. Dean’s systems in December 2021, accessing sensitive details of employees, contractors, and other individuals’ driver’s licenses, Social Security numbers, and health insurance information. The month before, the group had won a $250m Pentagon IT contract for dozens of DOD facilities across the country—including the nuclear bunker where Dick Cheney was taken on 9/11.
The breach lasted for at least five months. A class action lawsuit brought against M.C. Dean the following year by victims of the hack accused the group of failing to inform people of the attack until three months after it was discovered.
Victims said the company had “intentionally, willfully, recklessly, or negligently” failed to ensure their data was protected, leaving the door open for a “nefarious third party” that could well use those details to extort them in future. M.C. Dean denied “any and all” of those claims, but agreed to compensate those affected up to $8,000 each to avoid the time and costs of battling it out in court.
Hegseth’s approach to protecting sensitive government information has come under intense scrutiny since the Signal scandal last year. A DoD inspector general probe found that sensitive details of military strikes were shared after The Atlantic’s editor-in-chief, Jeffrey Goldberg, had accidentally been added to the White House chat. It also discovered that Hegseth’s staff had rigged systems in his office to allow him to use Signal at the Pentagon, which is obviously supposed to be a secure classified facility.
Hegseth refused to sit for an interview with officials investigating those claims, declined to hand over his phone, and violated federal record laws by allowing messages in his chats to be automatically deleted before they could be permanently saved.
The Daily Beast has contacted the Pentagon and M.C. Dean for comment on this story.
