FBI Director Kash Patel's personal email account was breached by Iran-linked hackers, who published more than 300 emails and photos online Friday. The Handala Hack Team claimed responsibility, posting a message stating Patel "will now find his name among the list of successfully hacked victims." The leaked information includes photos of Patel smoking cigars, standing next to cars with Cuban license plates, and a purported snippet of an older version of his resume.
An FBI spokesperson acknowledged the breach, stating the agency is "aware of malicious actors targeting Director Patel's personal email information." The spokesperson added they have "taken all necessary steps to mitigate potential risks associated with this activity" and that the "information in question is historical in nature and involves no government information."
Handala claimed the breach was retaliation for the Justice Department's seizure of its websites on March 19. The Justice Department accused the group of "psychological operations" and identified it as a front for Iran's Ministry of Intelligence and Security. Handala also claimed responsibility for a cyberattack on U.S. medical tech company Stryker earlier this month, claiming to have wiped "over 200,000 systems, servers and mobile devices" and extracted "50 terabytes of critical data."
The leaked emails appear to be from Patel's personal Gmail account and date back to the early 2010s, with the most recent being a plane ticket receipt from 2022. The emails include details about Patel's travels between 2012 and 2019, messages and photos exchanged with family members, conversations about filing his personal taxes, and information from leasing agents about D.C. apartments Patel was interested in renting over a decade ago. Alex Orleans, the head of threat intelligence at Sublime Security, suggested Iran may have strategically waited to release the files.
The U.S. has linked Handala back to Iranian intelligence services, making it difficult to formally attribute attacks to the Iranian government. Gil Messing, chief of staff at Check Point, said the hack-and-leak operation against Patel was part of Iran's strategy to embarrass U.S. officials and "make them feel vulnerable." The Justice Department seized four web domains tied to Iranian hacking schemes and the threatening of dissidents.
Cynthia Kaiser, senior vice-president at Halcyon Ransomware Research Center, believes the release was likely from a historical breach. Dave Schroeder, director of National Security Initiatives at the University of Wisconsin–Madison, noted that personal accounts often lack the same level of protection as government systems, making them attractive targets for hackers. U.S. officials informed Patel in late 2024 that he had been the target of an Iranian cyberattack before he agreed to lead the FBI.
The FBI is offering up to $10 million for information that helps identify members of the Handala group.
Handala claimed the breach was retaliation for the FBI's seizure of several of its websites last week.
The FBI will continue to investigate the breach and encourages anyone with information about Handala to contact the bureau for the reward.