The Federal Bureau of Investigation (FBI) has confirmed that the personal email account of its director, Kash Patel, was compromised by a hacking group linked to Iran.
In a statement, the FBI said it is aware of “malicious actors” targeting Patel’s personal email but stressed that the breach did not involve classified or government information.
“The information in question is historical in nature and involves no government information,” the agency said.
The cyberattack has been claimed by the Handala Hack Team, which published alleged documents and personal photos from Patel’s account on its website. The group also released what it described as Patel’s résumé, warning: “This is just our beginning.”
Images circulating online appear to show Patel in various informal settings, including at restaurants, hotels, and alongside luxury items, raising concerns over personal data exposure.
The group used the breach to mock US cybersecurity, claiming it had penetrated systems tied to the FBI within hours.
In response, the FBI announced a reward of up to $10 million for information leading to the identification or capture of those responsible.
The United States Department of Justice had earlier seized multiple domains linked to the group, alleging connections to Iran’s Ministry of Intelligence and Security (MOIS). Authorities say the sites were used for propaganda, cyberattack claims, and threats against journalists and dissidents.
Officials noted that the domain used in the latest attack was registered on March 19 — the same day authorities announced the seizure of other related websites.
The hacking group said the breach was carried out in retaliation for those actions and the FBI’s reward offer.
The group has also claimed responsibility for a recent cyberattack on Stryker, alleging it wiped hundreds of thousands of systems and stole large volumes of sensitive data.
US intelligence officials have warned that cyberattacks linked to Iran could escalate as geopolitical tensions rise.
Patel, who became the ninth FBI director in 2025, had previously been targeted in a separate cyber incident in 2024 before taking office.
