An Iran-linked hacking group has breached the personal email account of FBI Director Kash Patel, releasing photographs and documents online in what U.S. officials describe as an authentic compromise.
The group, known as Handala, claimed responsibility for the intrusion and followed through on a warning issued a day earlier on its Telegram channel targeting the FBI. “Soon you will realize that the FBI’s security was nothing more than a joke,” the hackers wrote in that message.
On Friday, Handala posted images of Patel—including some showing him smoking a cigar—along with what appeared to be an old résumé. Although the group’s initial Telegram account was taken down, a replacement channel quickly surfaced with additional statements. U.S. officials later confirmed that the leaked material appears genuine.
JUST IN – FBI director Kash Patel's personal email address hacked, says DOJ. This comes only a day after Iran-linked Handala hacking group claims it breached the FBI: "Soon you will realize that the FBI's security was nothing more than a joke." pic.twitter.com/XeuogL8I0Y
— Disclose.tv (@disclosetv) March 27, 2026
A Justice Department official told Reuters that Patel’s email had been compromised, while the FBI declined to comment. The Justice Department did not respond to follow-up inquiries.
The breach represents an escalation for Handala, a pro-Palestinian hacking collective that U.S. authorities have linked to Iranian interests. The group recently claimed it had infiltrated systems at Lockheed Martin, the defense contractor behind advanced weapons platforms including the F-35, F-22, and THAAD missile defense system.
In response to those claims, a Lockheed Martin spokesperson said: “Lockheed Martin continues to carry out its mission-critical work in support of American and allied warfighters around the world. We are aware of the reports and have policies and procedures in place to mitigate cyber threats to our business.” The company added that it remained confident in its “multi-layered information systems.”
The incident follows recent law enforcement action against the group. Last week, the Justice Department and FBI announced the seizure of several websites tied to Handala. Court filings linked the group to a cyberattack on Stryker, a Michigan-based medical technology firm employing more than 50,000 people worldwide, and suggested additional targeting of hospitals and medical services in Maryland.
Following those actions, Patel said: “We took down four of their operation’s pillars and we’re not done. We will hunt down every actor behind these cowardly death threats and cyber attacks.”
Handala dismissed the crackdown in a subsequent message: “The seizure of our domains, propaganda bombardment, threats of assassination, and even the looming shadow of aerial bombardment are nothing more than the latest desperate attempts by the United States and its allies to silence the voice of Handala.”
The breach comes amid heightened concern over Iranian cyber activity following U.S. and Israeli airstrikes that began on February 28. Security analysts have warned of increased retaliatory digital operations, with Microsoft previously cautioning that Iran showed no indication it was scaling back cyberattacks.
In August, FBI Assistant Director Brett Leatherman warned that a major Iranian cyber operation targeting U.S. infrastructure could be viewed as an act of war. With tensions elevated, analysts say Tehran may have fewer incentives to restrain affiliated hacking groups.
As of Thursday, Iran was experiencing a near-total internet blackout, according to the monitoring group NetBlocks, with access reportedly limited to a state-approved whitelist.
The episode highlights the persistent vulnerability of even senior U.S. officials to cyber intrusion, underscoring the broader challenge of deterring state-linked digital threats despite ongoing enforcement efforts.
[Read More: Trump Weighs Boots On The Ground]
Can we Counter?