Iran-Linked Hackers with ties to the Iranian government have successfully breached the personal email account of FBI Director Kash Patel, accessing and publicly releasing a trove of personal materials, according to a source familiar with the matter.
The breach, which was first reported by Reuters on Friday, was confirmed by CNN. The hackers published a series of personal photographs and documents taken from Patel’s account, with a source confirming the authenticity of the images.
A preliminary review of the leaked files, which appear to date from roughly 2011 to 2022, shows they contain personal correspondence, business-related emails, and travel arrangements. However, a cybersecurity researcher assisting in the review characterized the incident as less a sophisticated infiltration of federal systems and more a compromise of personal data.
“This isn’t an FBI compromise — it’s someone’s personal junk drawer,” said Ron Fabela, an independent cybersecurity researcher who reviewed the materials.
The hacking group, which has claimed responsibility for the attack, also conducted a cyberattack earlier this month against a major U.S. medical device manufacturer. In that incident, the group framed the attack as retaliation for a missile strike on an Iranian elementary school, an incident the Pentagon has stated it is investigating.
U.S. intelligence officials have been warning for weeks that Tehran-linked hackers may seek to retaliate for the recent U.S. and Israeli bombing campaign in Iran.
This is not the first time Patel’s private information has been targeted by Iranian-backed operatives. In late 2024, weeks before his appointment to lead the FBI, Patel was informed that he was among a group of incoming Trump administration officials whose personal communications were accessed as part of a broader Iranian hacking effort.
That earlier campaign also targeted individuals including Deputy Attorney General Todd Blanche, former interim U.S. Attorney Lindsey Halligan, and Donald Trump Jr., and was part of a wave of foreign cyber-espionage activities involving both Iranian and Chinese actors.
The U.S. Justice Department has formally accused the hacking group of operating on behalf of Iran’s Ministry of Intelligence and Security. In response to the recent attack on the medical device company, the department moved to seize websites used by the group to disrupt their operations, though the Iranian cyber operatives continue to claim victims and disseminate propaganda.
