Iranian-linked hackers have claimed responsibility for breaching FBI Director Kash Patel’s personal email account and publishing private images and documents online, according to a Justice Department official who confirmed the intrusion and said the materials appear authentic.
The hacking group, known as Handala Hack Team, announced the breach on its website Friday, boasting that Patel had been added to its list of “successfully hacked” targets. The group has previously presented itself as a pro-Palestinian vigilante operation, though Western cybersecurity researchers assess it as a front for Iranian government-linked cyber units.
An FBI spokesperson said the bureau has responded to the hack.
“The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity,” the spokesperson told the Washington Examiner. “The information in question is historical in nature and involves no government information. The Department of State’s Rewards for Justice program offers up to a $10 million reward for information leading to the identification of the Handala Hack Team out of Iran – a group that has frequently targeted U.S. government officials.”
The cache of leaked material reportedly includes photographs and a mix of personal and professional correspondence spanning several years. Analysts reviewing the breach noted that the targeted Gmail account matches an address previously associated with Patel in earlier data exposures tracked by dark web intelligence firms.
The materials uploaded by the hackers appear to show a combination of personal and work emails involving Patel from 2010 to 2019. Images posted to the hacking group’s Telegram account included a picture of Patel sniffing a cigar and posing for photos. An image of his alleged resume shows a personal email and a phone number.
Iran is widely known to rely on proxy groups such as Handala for its cyber tactics, which makes it harder for nations to attribute blame to the Iranian government. And while Handala boasted about its achievement and claimed lower-level officials could be subject to hacking vulnerabilities, it is not uncommon for these proxy groups to exaggerate the scale of their operations and the information they’ve stolen.
The incident marks the latest escalation in a pattern of Iranian-linked cyber activity targeting high-ranking U.S. officials and individuals connected to President Donald Trump. Patel, who played a prominent role in Trump’s first administration and is now leading the FBI, has been a repeated target.
In late 2024, shortly after Patel was selected as Trump’s FBI director, sources told CBS News he had been the subject of a suspected Iranian-backed cyberattack. At the time, it was unclear whether the attempt succeeded in accessing his communications or how much data may have been compromised.
The renewed breach comes amid broader warnings from U.S. intelligence and law enforcement agencies about Tehran’s expanding cyber operations. In the months leading up to the 2024 presidential election, federal officials cautioned that Iranian actors were actively targeting Trump campaign staff and allies.
Those concerns were underscored in September 2025, when Justice Department prosecutors charged three members of Iran’s Revolutionary Guard in connection with a sweeping hacking campaign aimed at U.S. officials, including individuals in Trump’s orbit.
Handala has also claimed responsibility for other recent cyberattacks, including a March breach of Michigan-based medical device company Stryker, in which the group alleged it deleted a large volume of corporate data, according to NBC News.
BIDEN DOJ SOUGHT MORE SUBPOENAS FOR PATEL AND REPUBLICANS THAN PREVIOUSLY KNOWN, RECORDS SHOW
The extent of the damage from the Patel breach, including whether sensitive government-related information was exposed, remains unclear.
Officials have not said whether the compromised account contained classified material, but the incident is likely to intensify scrutiny of cybersecurity practices among senior federal officials as tensions with Iran continue to play out in the digital arena.
