The first convicted spyware maker in over a decade has avoided jail time after earlier pleading guilty to U.S. federal charges associated with running his surveillance company.
Bryan Fleming was sentenced on Friday in a San Diego federal court to time served and a $5,000 fine, confirmed a spokesperson for the U.S. Attorney for the Southern District of California, whose office brought the charges against Fleming.
During a plea hearing in January following a years-long federal investigation into his spyware company, pcTattletale, Fleming admitted to making, selling, and advertising spyware for unlawful uses.
Prosecutors had previously asked the judge for Fleming to receive no custodial sentence or fine.
Fleming’s criminal conviction marks the first successful prosecution of a spyware maker by the U.S. Department of Justice since 2014, potentially opening the door to future prosecutions against others with illegal surveillance operations.
Fleming’s attorney, Marcus Bourassa, did not respond to a request for comment when contacted by TechCrunch.
Investigators with Homeland Security Investigations (HSI), a unit within U.S. Immigration and Customs Enforcement, brought charges against Fleming in 2025 as part of a wider probe into the consumer-grade spyware industry. While many spyware operators run their businesses from overseas, investigators told TechCrunch that Fleming drew the attention of federal agents as he sold and facilitated the use of spyware from the United States, and was someone within the jurisdictional reach of U.S. law enforcement.
Spyware apps like pcTattletale are referred to as “stalkerware,” as paying customers often plant surveillance software on the devices of someone else without their knowledge or consent, such as their spouse. Once planted, these apps stealthily upload the contents of a victim’s device, including their messages, photos, and real-time location, and make the data viewable to the person who planted the spyware.
According to an affidavit filed by federal investigators who sought to search his house, Fleming, in some cases, “knowingly assisted customers seeking to spy on nonconsenting, non-employee adults.”
It’s not known how many people pcTattletale spied on, but a data breach in 2024 revealed some of the scale of the long-running operation.
According to an earlier investigation by TechCrunch, a security researcher discovered that pcTattletale had a security flaw that was exposing millions of screen captures, taken by the spyware from the victim’s device every few seconds, to the open internet, which allowed anyone to see the contents of other people’s computer displays. This included screenshots of check-in computers at several U.S. hotels that had pcTattletale installed, which exposed hotel guest and reservation details.
Fleming did not respond to the researcher nor fix the security flaw.
A week following our report, Fleming shut down pcTattletale in 2024 after a high-profile hack, website defacement, and data breach, which revealed that more than 138,000 customers had paid the company to help spy on countless victims.
The hacker told TechCrunch that they exploited a different security flaw, allowing access to all of the files stored in pcTattletale’s cloud data storage account, including those of the victims.
It’s not clear exactly how many people had their devices compromised by pcTattletale, and Fleming did not notify his customers or their victims of the data breach. The pcTattletale founder told TechCrunch at the time that he “deleted everything” from his company’s servers following the breach.
pcTattletale is one of several makers of stalkerware that have shut down or forced offline following a security lapse, including LetMeSpy, Cocospy, and Spyhide.
