Iran-Linked Hackers Breached Kash Patel’s Personal Email, FBI Says No Government Data Was Taken

Iran-linked hackers accessed FBI Director Kash Patel’s personal email account and posted stolen photos and documents online, according to a person familiar with the breach who confirmed the incident to CNN. The FBI has confirmed the hack, said no government information was taken, and says it is working to identify the group behind the attack.

The material posted by the hackers appears to come from Patel’s private inbox rather than FBI systems. A cybersecurity researcher who reviewed the files told CNN that the incident looks less like a government breach and more like exposure of personal correspondence, family photos and other private records.

What the hackers disclosed

The group published images that it claimed were taken from Patel’s personal email account. A source familiar with the matter confirmed the photos were authentic, adding weight to the hackers’ claim that the account had been compromised.

A preliminary review of the files by CNN, with help from an independent cybersecurity researcher, suggested the stolen emails span roughly from 2011 to 2022. The archive appears to include personal, business and travel messages shared with a range of contacts.

Among the items described in the files were family photos and information about Patel’s earlier search for an apartment. Cybersecurity researcher Ron Fabela said the material did not point to a systemic FBI failure.

1. Personal photos and documents were posted online.
2. The emails appear to cover more than a decade of correspondence.
3. The material seems to include a mix of private, business and travel-related messages.
4. The FBI says no government information was compromised.

Fabela described the incident in blunt terms, saying, “This isn’t an FBI compromise — it’s someone’s personal junk drawer.”

FBI response and threat assessment

The FBI said it was aware of “malicious actors targeting Director Patel’s personal email information” and had taken steps to reduce the risk. The bureau also said it would continue to pursue the actors responsible, support victims and share intelligence to defend networks.

The agency is offering a $10 million reward for information leading to the identification of the “Handala Hack Team,” which the FBI says has repeatedly targeted U.S. government officials. That reward reflects the seriousness with which federal authorities are treating the broader campaign behind the breach.

The bureau’s statement also placed the incident in the context of cyber defense priorities under President Trump’s cyber strategy. It said the FBI would keep working with partners to respond to the threat and to gather actionable intelligence.

Why the breach matters

U.S. intelligence officials have warned for some time that Tehran-linked hackers could retaliate after the U.S. and Israel carried out bombing attacks on Iran. That warning gives added context to this breach, which appears to fit a pattern of politically motivated cyber activity.

This is also not the first time Iranian-backed hackers have accessed Patel’s private information. In late 2024, officials told him that he had been targeted in an Iranian hack and that some of his personal communications had been accessed.

That earlier incident was part of a broader foreign hacking campaign aimed at accounts tied to incoming Trump officials. Targets included now Deputy Attorney General Todd Blanche, former interim U.S. Attorney for the Eastern District of Virginia Lindsey Halligan and Donald Trump Jr.

A wider cyber campaign linked to Iran

The group claiming responsibility for Patel’s email breach has also been tied to another recent intrusion that disrupted operations at a major U.S. medical device maker. In that case, the hackers said they were acting in response to a missile strike on an elementary school in Iran.

Iranian state media claimed the strike killed at least 168 children, while the Pentagon said it was investigating the incident. The claim shows how cyberattacks are increasingly being used as a channel for retaliation, messaging and pressure.

The Justice Department has accused the hackers of working for Iran’s Ministry of Intelligence and Security. After the medical device company attack, the department seized websites used by the hackers in an effort to disrupt their operations.

Key points from the breach

The breach highlights how personal accounts tied to senior U.S. officials remain attractive targets for state-linked hacking groups. Even when classified systems are not affected, the exposure of private correspondence can still create security risks, political pressure and public scrutiny.