Spyware Creator Bryan Fleming Escapes Jail Time at Sentencing

Bryan Fleming, the first spyware maker convicted in over a decade, has avoided imprisonment after pleading guilty to U.S. federal charges related to his surveillance company. On Friday, a San Diego federal court sentenced Fleming to time served and a $5,000 fine, confirmed by a spokesperson for the U.S. Attorney’s office in the Southern District of California. In a January plea hearing after a years-long federal investigation into his spyware company, pcTattletale, Fleming admitted to making, selling, and advertising spyware for illegal purposes. Prosecutors had previously requested that Fleming receive no custodial sentence or fine. Fleming’s conviction is the first successful prosecution of a spyware maker by the U.S. Department of Justice since 2014, potentially paving the way for future cases against others with illegal surveillance operations. His attorney, Marcus Bourassa, did not respond to TechCrunch’s request for comment. In 2025, Homeland Security Investigations, a division of U.S. Immigration and Customs Enforcement, charged Fleming as part of a broader investigation into the consumer-grade spyware industry. Many spyware operators operate overseas, but Fleming attracted attention for facilitating spyware use from the United States, within U.S. law enforcement’s reach. Spyware apps like pcTattletale, often called “stalkerware,” allow users to secretly plant surveillance software on others’ devices, gaining access to messages, photos, and real-time locations without their knowledge. A federal affidavit revealed that Fleming “knowingly assisted customers seeking to spy on nonconsenting, non-employee adults.” Although the number of individuals pcTattletale spied on is unknown, a 2024 data breach exposed part of the operation’s scale. A TechCrunch investigation found pcTattletale had a security flaw, exposing millions of screen captures to the internet, including U.S. hotel check-in computers with guest details. Fleming did not respond or fix the flaw. A week after the report, Fleming shut down pcTattletale following a hack and data breach, revealing more than 138,000 customers had used the service to spy on victims. The hacker accessed all files in pcTattletale’s cloud storage through another security flaw. It’s unclear how many devices pcTattletale compromised; Fleming did not inform customers or victims of the breach. Fleming told TechCrunch that he “deleted everything” from company servers after the breach. pcTattletale is among several stalkerware makers forced offline after security lapses, including LetMeSpy, Cocospy, and Spyhide.