Founder of pcTattletale pleads guilty to hacking and selling stalkerware

TL;DR

Bryan Fleming, founder of Michigan-based pcTattletale, pleaded guilty in federal court to computer hacking, selling and advertising surveillance software for unlawful uses, and conspiracy. The plea follows a multi-year Homeland Security Investigations probe and comes after pcTattletale shut down in 2024 following a data breach.

What happened

Bryan Fleming, who ran the remote surveillance service pcTattletale from Michigan, entered a guilty plea in a San Diego federal court to charges including computer hacking, selling and advertising surveillance software for unlawful uses, and conspiracy. The case was built over a multi-year investigation by Homeland Security Investigations that began in mid-2021 as part of a broader probe into consumer-grade surveillance tools often called stalkerware. Investigators used search warrants, reviewed emails and bank records, conducted physical surveillance of Fleming’s home, and ran an undercover operation in which an HSI agent posed as an affiliate marketer. Evidence cited included communications and advertising materials that promoted covert monitoring of partners. pcTattletale had been taken offline in 2024 after a breach exposed data tied to more than 138,000 customers; Fleming said at the time the company was "out of business." Fleming is expected to be sentenced later this year.

Why it matters

• Sets a notable federal precedent: first successful U.S. federal prosecution of a stalkerware operator in over a decade.
• Signals increased law enforcement attention on consumer-grade spyware and the businesses that create, market, or sell it.
• Highlights the privacy and safety risks to targets when surveillance tools are commercially available and poorly regulated.
• May deter operators and affiliates who publicly advertise or assist in distributing covert monitoring products.

Key facts

• Charges pleaded to: computer hacking; sale and advertising of surveillance software for unlawful uses; and conspiracy.
• HSI opened its investigation in mid-2021 after finding many stalkerware websites; pcTattletale was among the targets.
• pcTattletale had been under Fleming’s control since at least 2016 and offered software to monitor phones and computers.
• The company shut down in 2024 after a breach exposed data tied to more than 138,000 customers listed on Have I Been Pwned.
• Investigators obtained email and financial records, and noted pcTattletale ads explicitly promoted spying on spouses and partners.
• Bank and PayPal records showed transactions totaling more than $600,000 as of the end of 2021.
• HSI used undercover outreach and secured a search warrant for Fleming’s residence; public records show he later sold the house for $1.2 million.
• This prosecution follows a 2014 case involving a phone-surveillance app creator, marking the first comparable federal conviction since then.
• Fleming is expected to be sentenced later in the calendar year.

What to watch next

• Fleming’s sentencing, scheduled for later this year (confirmed in the source).
• Whether federal prosecutors open additional cases against other stalkerware operators or affiliates — the plea could prompt further investigations.
• not confirmed in the source: potential legislative or regulatory responses aimed specifically at commercial stalkerware sales and advertising.

Quick glossary

• Stalkerware: Consumer-focused surveillance software designed to secretly monitor another person's device and data, often used to track messages, location, and media without consent.
• Homeland Security Investigations (HSI): A division of U.S. Immigration and Customs Enforcement that investigates cross-border and domestic criminal activity, including cybercrimes.
• Data breach: An incident where protected or confidential information is accessed, disclosed, or stolen by unauthorized parties.
• Affiliate marketing: A business arrangement where individuals or companies promote a product or service in exchange for a commission on resulting sales or leads.

Reader FAQ

What crimes did Bryan Fleming plead guilty to?
He pleaded guilty to computer hacking, the sale and advertising of surveillance software for unlawful uses, and conspiracy.

Was pcTattletale still operating at the time of the plea?
No. Fleming shut pcTattletale down in 2024 after a data breach; he said the company was out of business and deleted server contents.

Were people’s data exposed in the pcTattletale breach?
Yes. Data tied to more than 138,000 customers who signed up for pcTattletale was shared on Have I Been Pwned, and the breach included identifiable information for customers and their victims.

Will this case lead to more prosecutions of stalkerware makers?
The source says the conviction could pave the way for further federal investigations and prosecutions, but concrete future charges are not detailed.

What sentence will Fleming receive?
Not confirmed in the source.

The founder of a U.S.-based spyware company, whose surveillance products allowed customers to spy on the phones and computers of unsuspecting victims, pleaded guilty to federal charges linked to his…

Sources

• Founder of spyware maker pcTattletale pleads guilty to hacking and advertising surveillance software
• Founder of spyware maker pcTattletale pleads guilty to …
• A stalking app, $1.2M Macomb Co. mansion lead feds to …
• Backdoor found in court and jail AV recording software

Related posts

• Building a Custom Raspberry Pi Data Diode for Air‑Gapped Systems
• Vietnam bans unskippable video ads, requires skip after 5 seconds
• FTSE 100 bosses’ pay exceeds typical worker’s annual salary in under 3 days