FBI Director Kash Patel just got hit with the kind of breach his own agency is supposed to stop.
Hackers tied to Iran claim they broke into Patel’s personal email—and they’re not being subtle about it. They’ve already dumped what they say are his private photos and resume online.
A Justice Department official confirmed to Reuters that Patel’s inbox was in fact compromised, adding that the material circulating online appears to be real. Beyond that, officials have said very little. The FBI, notably, didn’t respond when asked for comment.
The group taking credit calls itself Handala Hack Team. On its website, it mocked Patel directly, saying he “will now find his name among the list of successfully hacked victims.”
And they didn’t stop at claims. The hackers posted a batch of personal images—Patel smoking cigars, riding in an antique convertible, and even snapping a mirror selfie with a large bottle of rum, according to Reuters. Alongside the photos, they uploaded what appears to be his resume.
Handala presents itself as a pro-Palestinian hacktivist outfit, but Western cybersecurity researchers have linked it to Iranian government cyberintelligence operations. In other words, this isn’t just random internet chaos—it points straight at a known adversary.
Reuters reviewed a sample of the leaked material and reported it includes a mix of personal and professional emails spanning nearly a decade, from 2010 to 2019. The email account in question reportedly matches one tied to Patel in earlier breaches cataloged by dark web intelligence firm District 4 Labs.
CBS News separately confirmed that sources familiar with the situation say cyber actors linked to Iran accessed Patel’s personal account. Again, no immediate comment from the FBI.
The timing makes the whole thing worse.
Earlier this month, the Justice Department announced it had seized four domains tied to the Handala group as part of a broader crackdown on Iranian cyber operations. The domain allegedly used in Patel’s breach? Registered the exact same day that seizure was announced —March 19.
Handala didn’t hide the connection. In an online post, the group directly referenced the domain takedowns and fired back: “We decided to respond to this ridiculous show in a way that will be remembered forever.”
They went further, taking a shot at the bureau itself: “The so-called ‘impenetrable’ systems of the FBI were brought to their knees within hours by our team”
The Justice Department has already accused the group of multiple cyberattacks, including targeting a U.S.-based medical technology company and exposing sensitive data tied to individuals connected to the Israeli government and military.
Now, the director of the FBI is on that same list. And the bureau he runs? So far, it’s saying nothing.
