The founder of a consumer spyware company has been sentenced to time served and a $5,000 fine after pleading guilty to federal charges. Bryan Fleming, the operator of pcTattletale, became the first spyware maker successfully prosecuted by the U.S. Department of Justice in over a decade.

The sentencing took place on Friday in a San Diego federal court, confirmed by the U.S. Attorney's office for the Southern District of California. Prosecutors had previously requested no custodial sentence for Fleming, who admitted in a January plea hearing to making, selling, and advertising spyware for unlawful purposes.

Operation and Investigation

Investigators with Homeland Security Investigations (HSI) brought charges against Fleming in 2025 as part of a wider probe into the consumer spyware industry. Federal agents focused on Fleming because he sold and facilitated the use of spyware from within the United States, placing him within the jurisdictional reach of U.S. law enforcement.

Spyware apps like pcTattletale are often called "stalkerware," as customers typically plant the surveillance software on someone else's device without their knowledge or consent. Once installed, the apps stealthily upload the contents of the victim’s device—including messages, photos, and real-time location—to a server accessible by the person who planted it.

Scale of Surveillance and Security Failures

According to an affidavit filed by federal investigators, Fleming, in some cases, "knowingly assisted customers seeking to spy on nonconsenting, non-employee adults." The full scale of the surveillance is unknown, but a 2024 data breach revealed that more than 138,000 customers had paid the company to spy on countless victims.

Earlier that year, a security researcher discovered a critical flaw in pcTattletale's systems that was exposing millions of screen captures from victims' devices to the open internet. The exposed data included screenshots from check-in computers at several U.S. hotels, revealing guest and reservation details. Fleming did not respond to the researcher or fix the security flaw.

Shutdown and Broader Context

One week after TechCrunch's report on the security flaw, pcTattletale was shut down in 2024 following a high-profile hack, website defacement, and data breach. A hacker exploited a different security vulnerability, gaining access to all files stored in the company's cloud data storage account.

Fleming told TechCrunch at the time that he "deleted everything" from his company's servers following the breach but did not notify his customers or their victims. pcTattletale joins several other stalkerware makers, including LetMeSpy, Cocospy, and Spyhide, that have been forced offline following security lapses.

Fleming's attorney, Marcus Bourassa, did not respond to a request for comment. This conviction is seen as a potential precedent for future U.S. prosecutions against others operating illegal surveillance businesses.