TL;DR: Bryan Fleming, founder of stalkerware company pcTattletale, pleaded guilty on January 6, 2026 to federal hacking and conspiracy charges. He built software to secretly monitor romantic partners: tracking messages, photos, location, and screen activity. Homeland Security spent years investigating. Fleming faces up to 15 years in prison and $250,000 in fines. This is only the second federal stalkerware prosecution in over a decade. The company shut down in 2024 after a breach exposed 138,000 customer accounts.

What Happened

On January 6, 2026, Bryan Fleming walked into a San Diego federal courtroom and pleaded guilty to charges that would have seemed obvious to anyone who read his marketing materials: computer hacking, conspiracy, and unlawfully selling surveillance software.

Fleming ran pcTattletale from his home in Michigan. The software, active since at least 2016, let buyers secretly install monitoring on someone else's device. Once installed, it uploaded everything to pcTattletale's servers: messages, photos, location data, web browsing history, and even video recordings of screen activity.

The marketing wasn't subtle. Fleming positioned pcTattletale as a way to "catch a cheater." The company's pitch directly targeted people who wanted to spy on romantic partners without their knowledge or consent.

That's domestic abuse with extra steps. And it's illegal.

How They Caught Him

Homeland Security Investigations (HSI) launched their investigation in mid-2021. Agents went undercover, engaging with pcTattletale as potential customers.

What they found was damning. Fleming explicitly marketed the software for illegal purposes. His communications made clear he knew buyers intended to monitor spouses and partners without consent. The business model depended on it.

Fleming later told his lawyer he was "unaware" the product might violate laws. The evidence suggests otherwise. You don't build software to secretly surveil people and then act surprised that it's illegal.

Over its lifetime, pcTattletale generated more than $600,000 in transactions. Fleming built a profitable business enabling domestic abuse.

The Breach That Ended It

In 2024, pcTattletale suffered a data breach that exposed over 138,000 customer accounts. The company that helped abusers spy on victims couldn't protect its own data.

The breach exposed both sides of the equation: the stalkers and the stalked. Customer credentials were leaked alongside the surveillance data they'd collected from 26,000+ victims. If you were being monitored by a pcTattletale user, your messages, photos, and location data were suddenly available to anyone who downloaded the breach data.

pcTattletale shut down shortly after. Fleming's legal troubles were just beginning.

Why This Case Matters

Federal stalkerware prosecutions are vanishingly rare. This is only the second such case in over a decade. Stalkerware companies typically operate in a legal gray zone, marketing themselves as "parental monitoring" or "employee oversight" tools while knowing exactly who's really buying.

The charges against Fleming include:

  • Computer hacking: Creating and distributing software designed to access devices without authorization
  • Conspiracy: Working with buyers to enable illegal surveillance
  • Unlawful advertising of surveillance software: Marketing products primarily designed to intercept communications

Fleming faced up to 15 years in prison and a $250,000 fine. Update: On April 6, 2026, Fleming was sentenced to a $5,000 fine and no prison time.

The Stalkerware Industry Keeps Operating

pcTattletale is gone, but the industry continues. In 2025 alone, multiple stalkerware apps were breached:

  • SpyX: breached, customer and victim data exposed
  • Cocospy: breached, surveillance data leaked
  • Spyic: breached, customer credentials exposed
  • Catwatchful: breached, 26,000 victims' data exposed

These apps market themselves as "child monitoring" or "employee tracking" tools but are overwhelmingly used for intimate partner surveillance. They're designed to be invisible. They upload everything. And they keep getting hacked.

The EFF included stalkerware in their 2025 Breachies, noting that these companies "must be stopped." They enable domestic abuse at scale. And they can't even protect the data they steal.

What You Can Do

Check Your Device

Look for unfamiliar apps, unusual battery drain, or unexpected data usage. Stalkerware often runs silently in the background. On Android, check "Device Admin Apps" in settings, stalkerware needs admin access to hide properly.

Factory Reset if Unsure

If you suspect stalkerware and can't find it, a factory reset removes most variants. Back up only your own files. Don't restore from a backup that might contain the same spyware.

Secure Your Accounts

Change passwords from a device you trust. Enable two-factor authentication. Stalkerware often installs when abusers have physical access during password changes. Use a friend's phone or library computer if needed.

Get Help Safely

If you're in an abusive situation, the National Domestic Violence Hotline (1-800-799-7233) provides guidance. The Coalition Against Stalkerware offers technical resources for detecting and removing surveillance software.

The Bigger Picture

Bryan Fleming's conviction is a rare win against an industry that largely operates with impunity. But it took five years of investigation, an undercover operation, and a data breach that exposed the whole operation. Most stalkerware makers face no consequences.

The business model is clear: build tools for abusers, market them just vaguely enough to claim plausible deniability, collect money from people who want to control their partners. When you get breached, shut down and someone else will take your place.

Fleming got caught because he was obvious about it. The next one will be more careful with their marketing. The surveillance will continue.

Until there's systematic enforcement (not one prosecution per decade), stalkerware will remain a thriving industry. The technology enabling domestic abuse is legal until someone decides to prosecute. And almost no one decides to prosecute.

References

  1. The Register - Founder of stalkerware biz pcTattletale pleads guilty to federal hacking charges (January 2026)
  2. Bitdefender - pcTattletale Stalkerware Operator Pleads Guilty, Faces 15 Years Prison (January 2026)
  3. HackRead - pcTattletale Founder Bryan Fleming Pleads Guilty in Federal Stalkerware Case (January 2026)
  4. Cybernews - Stalkerware creator pleads guilty (January 2026)
  5. Coalition Against Stalkerware - Resources for detecting stalkerware