FBI Director Kash Patel’s personal email account has been compromised by a group believed to be linked to Iran, according to confirmation from the Department of Justice.
The group, which calls itself the Handala Hack Team, published what it claims are materials taken directly from Patel’s inbox, including personal photographs and documents such as a purported resume. The files were posted to the group’s website alongside a message warning that Patel “will now find his name among the list of successfully hacked victims.”
A Justice Department official confirmed the breach and indicated that at least some of the material appears to be legitimate.
Handala presents itself as a pro-Palestinian hacking collective and has been widely assessed by cybersecurity experts as operating in alignment with Iranian government cyberintelligence efforts. The group has previously targeted Israeli and Western entities, often combining data leaks with propaganda messaging intended to amplify political impact.
Reporting from Newsweek provides additional context on the breach, noting that “the Gmail address the hackers say they accessed matches an address previously linked to Patel in older data breaches tracked by the dark web intelligence firm District 4 Labs.” The report added that “a sample of the material appears to include a mix of personal and work-related correspondence dating from 2010 to 2019. The scope of the breach and how the account was accessed were not immediately clear.”
It remains uncertain whether the compromised account contained sensitive government information or whether it was used strictly for personal communications. However, the incident underscores longstanding concerns within the intelligence community about the risks posed by officials using personal email accounts, particularly older accounts that may have been exposed in prior breaches.
Cybersecurity analysts note that threat actors often exploit previously leaked credentials or use phishing campaigns to gain access to high-value targets. If the account had appeared in earlier breaches, as suggested, it may have been vulnerable to credential-stuffing attacks or other forms of unauthorized access.
The breach also comes amid heightened tensions between the United States and Iran in cyberspace. Iranian-linked groups have increasingly engaged in cyber operations targeting U.S. officials, infrastructure, and private-sector entities, often as part of broader geopolitical messaging campaigns.
Officials have not yet disclosed whether an investigation is underway or whether additional accounts or systems may have been affected.
READ NEXT: Ethics Panel Finds Most Violations Proven Against Indicted Congresswoman
