A US Treasury Department employee has been charged with conspiracy for leaking information to a reporter. Likely, she believed she was protected because her communications were via encrypted app. But Federal investigators found the messages stored on her device. The lesson: Even if you message on an encrypted app, if the data is stored on your device or uploaded to the cloud without any added protection, it’s potentially there for the taking.

As The Washington Post explains, “Services such as Signal cloak messages when they’re going from one device to another – but once they reach their destination, it’s up to the user to make sure they can’t be accessed. In other words, if you are backing up your decrypted messages onto to your device, you are no longer protected by the app.”

Earlier this year that lesson was on display when the FBI was able to seize data from former Trump attorney Michael Cohen’s devices, as well as former campaign chairman Paul Manafort.

The Treasury employee was charged with disclosing suspicious activity reports (SARs)–documents that banks issue when they see questionable transactions. According to the criminal complaint, FBI agents discovered the employee’s communications with reporters after searching her phone and a flash drive she reportedly used.

“Encrypted messaging apps offer crucial protections for those who want to safeguard their communications from prying eyes. But a high-profile leak investigation is a reminder that the apps may provide a false sense of security for people who do not use them correctly or take other security precautions,” writes The Washington Post.

Get the full story at The Washington Post.