Kash Cowed: Iranian Hackers Breach FBI Director Kash Patel’s Personal Email, Publish Photos and Documents Online

Iran-linked hackers successfully breached FBI Director Kash Patel’s personal Gmail account and published photographs, documents and emails spanning more than a decade, in what cybersecurity experts are calling the most significant cyberattack of the ongoing U.S.-Israeli war against Iran.

The Handala Hack Team, a pro-Iranian hacking group that Western researchers have linked to Iran’s Ministry of Intelligence and Security, claimed responsibility for the breach on Friday, March 27, 2026, posting materials from Patel’s personal email account on its website.

A Justice Department official confirmed to Reuters that Patel’s email had been breached and that the material posted online appeared authentic.

The Scope of the Breach

The stolen emails appear to date from around 2011 to 2022 and include personal, business and travel correspondence that Patel had with various contacts, according to a preliminary CNN review of the files with the help of an independent cybersecurity researcher.

Reuters reported that a sample of the material reviewed appeared to show a mix of personal and work correspondence dating between 2010 and 2019, though the agency noted it was not able to immediately authenticate all the emails published by Handala.

The hackers uploaded a cache of files they claim came from Patel’s personal Gmail account, according to TechCrunch, which confirmed that at least some of the leaked emails were from Patel’s alleged Gmail account by verifying information contained within the message headers.

The Disclosures

The Handala Hack Team posted a handful of photos of Patel standing next to cars with Cuban license plates and smoking cigars, according to Axios, which viewed the post on Handala’s website.

Al Jazeera reported that some of the photos show Patel beside an antique sports convertible, posing with a cigar in his mouth and standing in front of a mirror with a bottle of rum.

The group also shared a purported snippet of an older version of Patel’s personal resume, according to Axios and multiple other outlets.

TechCrunch reported that the leaked materials included “several pictures of a visibly younger Patel” along with the cache of email files.

Despite the hackers’ boasts about breaching “impenetrable” FBI systems, what the hacking group obtained was “something much more mundane — a breach of things like family photos and details on Patel’s previous search for an apartment,” according to independent cybersecurity researcher Ron Fabela, cited by CNN.

The FBI emphasized in its statement that “the information in question is historical in nature and involves no government information,” according to CBS News, TechCrunch and Newsweek.

The FBI Response

“The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity,” an FBI spokesperson told TechCrunch, CBS News and Newsweek in a statement.

The FBI also announced that the State Department has offered a $10 million reward for information leading to the identification of the Handala Hack Team, according to CBS News and TechCrunch.

This is not the first time Iranian-backed hackers have targeted Patel. In late 2024, just weeks away from being appointed to lead the FBI, Patel was informed by officials that he had been targeted as part of an Iranian hack and some of his personal communications had been accessed, according to CNN.

The 2024 hack was part of a broader effort by foreign hackers — from China and Iran — to access accounts for incoming Trump officials including now Deputy Attorney General Todd Blanche, former interim U.S. Attorney for the Eastern District of Virginia Lindsey Halligan and Donald Trump Jr., CNN reported.

The Handala Hack Team “emerged in late 2023 and has since evolved into a disruptive and highly visible cyber threat actor, primarily targeting Israeli interests and organizations linked to them.”

The Hackers’ Message

In its online post, the Handala Group appeared to announce its successful attack against Patel’s email and referenced the recent seizure of its domains by the U.S. government, saying, “We decided to respond to this ridiculous show in a way that will be remembered forever,” according to CBS News.

“Kash Patel, the current head of the FBI, who once saw his name displayed with pride on the agency’s headquarters, will now find his name among the list of successfully hacked victims,” the group stated, according to multiple outlets.

The hackers bragged that the “impenetrable” systems of the FBI were “brought to their knees within hours by our team,” according to The Washington Times.

“All personal and confidential information of Kash Patel, including emails, conversations, documents, and even classified files, is now available for public download,” Handala claimed on its website, according to Newsweek.

However, the FBI’s statement directly contradicted the claim about classified files, emphasizing that the breach involved “no government information.”

Who is Handala?

Handala, which calls itself a group of pro-Palestinian vigilante hackers, is considered by Western researchers to be one of several personas used by Iranian government cyberintelligence units, according to CNBC.

The Handala Hack Team “emerged in late 2023 and has since evolved into a disruptive and highly visible cyber threat actor, primarily targeting Israeli interests and organizations linked to them,” according to Cyble, an artificial intelligence-powered cybersecurity company.

The group is widely believed, including by Israel’s cybersecurity industry and the Justice Department, to be a cyber persona operated by Iran’s Ministry of Intelligence and Security, according to The Washington Times.

The Iran-linked hacking group was also behind a cyberattack earlier this month that disrupted business operations at Stryker, a major U.S. medical device maker, according to CNN.

Since the U.S.-Israeli war against Iran started in February, Handala has ramped up its hacks, most notably claiming responsibility for a destructive attack against Stryker that wiped tens of thousands of employee devices, according to TechCrunch.

The hackers said the Stryker attack was in retaliation for a U.S.-Israeli missile strike on an elementary school in Minab in southern Iran that killed more than 170 people, most of them schoolgirls, according to Al Jazeera.

The hackers have also published the personal details of several people who are allegedly part of the Israeli Defense Forces and local defense contractors, according to TechCrunch.

In another cyber incident, the Justice Department alleged that Handala Group had posted the names and sensitive other data from approximately 190 individuals associated with or employed by the Israeli Defense Force or Israeli government, according to CBS News.

U.S. Countermeasures

On March 19, 2026, the U.S. Department of Justice announced it had seized four domains used by Iran’s Ministry of Intelligence and Security, including sites linked to Handala, which had been used to hack U.S. and other targets in recent weeks, according to Newsweek.

“Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents,” FBI Director Kash Patel said in a press release on March 19 — just eight days before the hackers breached his own personal email, according to Newsweek.

The Justice Department responded to the hack of the medical device company by seizing websites used by the Iran-linked hackers to disrupt their operations, CNN reported. But the Iranian cyber operatives have continued to claim victims and spread propaganda.

Iran is known to lean on proxy groups like Handala for its cyber operations — making it more difficult for targeted entities to formally attribute attacks to the Iranian government, according to Axios.

Experts have warned that the Iranian government will likely pursue both destructive cyberattacks against critical infrastructure and online influence operations designed to create confusion and chaos during the war, Axios reported.

Significance of the Breach

If fully confirmed, this would be the most significant cyberattack of the ongoing war between the U.S., Israel and Iran, and could put an uncomfortable spotlight on Patel, according to Axios.

The Gmail address the hackers said they accessed matched an address previously linked to Patel in older data breaches tracked by the dark web intelligence firm District 4 Labs, according to Newsweek.

For Patel, already a controversial figure as FBI director due to his close ties to President Trump and previous scandals including his removal from CISA leadership, the breach adds another layer of scrutiny to his tenure leading the nation’s premier law enforcement agency during a time of heightened international tensions.