Iran-Linked Hackers Breach FBI Director’s Personal Email, Release Photos and Documents

Iran-linked hackers have breached FBI Director Kash Patel’s personal email account, releasing private photographs and a trove of messages online, according to the hackers and the FBI, prompting renewed concern about cyberattacks targeting senior U.S. officials.

In a post on their website on Friday, a group calling itself Handala Hack Team declared that Patel “will now find his name among the list of successfully hacked victims.” The hackers posted a series of personal images showing the FBI director sniffing and smoking cigars, riding in an antique convertible and posing for a mirror selfie with a large bottle of rum.

The FBI confirmed that Patel’s emails were targeted. Spokesman Ben Williamson said in a statement that the bureau “has taken all necessary steps to mitigate potential risks associated with this activity” and that the information involved was “historical in nature and involves no government information.”

Handala, which presents itself as a pro-Palestinian vigilante hacking collective, is widely assessed by Western researchers as one of several personas used by Iranian government cyberintelligence units. The group has recently claimed other high-profile intrusions, including an attack on Michigan-based medical devices and services provider Stryker (SYK.N) on March 11, saying it had deleted a massive trove of company data.

Handala did not respond to messages seeking comment, and Reuters was unable to access the group’s website late Friday.

Beyond the photographs, the hackers also published a sample of more than 300 emails, which they said span personal and work correspondence dated between 2010 and 2019.

Reuters could not independently authenticate the emails attributed to Patel. However, the personal Gmail address Handala claimed to have compromised matches an address previously linked to Patel in data breaches preserved by the dark web intelligence firm District 4 Labs. Alphabet (GOOGL.O), which owns Google and runs Gmail, did not respond to a request for comment.

The website used by the Handala Hack Team, an Iran-linked hacker group that claimed credit for breaching FBI Director Kash Patel’s personal email, is pictured on a screen in Washington D.C., U.S., March 27, 2026. REUTERS/Raphael Satter Purchase Licensing Rights

‘MAKE THEM FEEL VULNERABLE’

The Handala disclosures follow a period of intensified cyber bragging by Iran-linked operators. The activity comes after the United States and Israel launched coordinated strikes against the Islamic Republic last month, according to reporting, and as the broader conflict continues.

Thursday, Handala also claimed it had published personal data connected to dozens of Lockheed Martin (LMT.N) employees stationed in the Middle East. Lockheed Martin said it was aware of the reports and that it maintains policies and procedures designed to “mitigate cyber threats to our business.”

Gil Messing, chief of staff at Israeli cybersecurity firm Check Point, said the hack-and-leak campaign aimed at Patel fits into Iran’s broader effort to embarrass U.S. officials and “make them feel vulnerable.”

“The Iranians, he said, are ‘firing whatever they have.’”

Targeting personal accounts of senior officials is a tactic that has recurred over the years, and periods of periodic breaches and disclosures are not unusual. In 2016, hackers broke into Hillary Clinton campaign chairman John Podesta’s personal Gmail account and released much of the material on WikiLeaks. In 2015, teenage hackers accessed then-CIA director John Brennan’s personal AOL account and leaked data about U.S. intelligence officials.

Breaches of this kind typically do not require cutting-edge techniques, according to a U.S. intelligence assessment reviewed by Reuters on March 2. The assessment said Iran and its proxies could respond to the killing of Iran’s Supreme Leader Ayatollah Ali Khamenei with lower-level hacks against U.S. digital networks.

Officials have also raised the possibility that more material could remain available. Iran-linked hackers “may have other emails in reserve,” Reuters reported, citing the pattern of prior claims and delayed releases.

Last year, a group using the pseudonym “Robert” told Reuters it was weighing disclosure of 100 gigabytes of data stolen from White House chief of staff Susie Wiles and other close advisers to U.S. President Donald Trump. Reuters said it could not verify the claim, and the group did not respond to messages for months.

Reporting by Jana Winter, AJ Vicens and Raphael Satter; Writing by Raphael Satter; Editing by Deepa Babington, Nick Zieminski, Rod Nickel