Of the many questions this situation raises, two stand out: Was any data on Kelly's personal phone obtained, and if so, was it in any way sensitive? Since the affected device was Kelly's personal phone, it's possible that there was no valuable information on it to obtain. The chief of staff mostly used his government-issued phone for official communications since joining the Trump administration, though it's clearly not impossible for senior White House officials to use their personal phones for official business. Still, a White House spokesperson told Politico that Kelly hadn't used his personal phone "often" after taking over as chief of staff, implying that it did happen from time to time.
The report raises the possibility that Kelly kept information pertaining to his previous gig as the Secretary of Homeland Security on the phone, but neither he nor anyone else related to the incident has commented on what's actually on the device.
Still other specifics remain similarly vague. Despite "several days" of testing, there is currently no word on how the attack was carried out. It's also unclear what kind of phone Kelly was using as a personal device, though he has been seen using an iPhone in the past. This matters more than you might think: older devices are eventually dropped from manufacturer support schedules so they typically don't get new software and security updates, making them more vulnerable to attacks that new phones would better resist. The exact timing of the hack also remains unclear, and while a memo detailing the incident was distributed to administration staff, no one within the White House seems ready to assign blame just yet.