Pro-Iranian Hackers Breach FBI Director Kash Patel's Personal Gmail, Publish 300 Emails and Photos

A pro-Iranian hacker group calling itself Handala published more than 300 emails from FBI Director Kash Patel's personal Gmail account on Friday, releasing a trove of private correspondence and photographs that spanned more than a decade. The FBI confirmed the breach and said it had "taken all necessary steps to mitigate potential risks," adding that the stolen information was "historical in nature and involves no government information."

Handala, which Western cybersecurity researchers assess with high confidence to be a persona operated by Iranian government intelligence services, announced the hack via Telegram on March 27. The group said the intrusion was direct retaliation for the FBI's seizure of Handala's internet domains the previous week, as part of a broader U.S. effort to disrupt Iranian influence operations conducted through social media and disinformation campaigns tied to the ongoing war with Iran.

The leaked emails dated from 2010 to 2019 and contained personal correspondence, scheduling records, and what appeared to be exchanges with political contacts and media figures from Patel's years as a congressional investigator and senior National Security Council official. The personal photographs included images of Patel smoking cigars, riding in a convertible, and posing for selfies at various events. Patel, 44, is a close ally of President Trump who was confirmed as FBI director in February 2025 after a contentious Senate vote.

The State Department responded by issuing a notice offering a $10 million reward for information identifying members of the Handala Hack Team under the Rewards for Justice program, which compensates individuals who provide information leading to the identification or disruption of state-sponsored cybercriminals. A senior law enforcement official, speaking on condition of anonymity because the investigation is ongoing, said investigators were working to determine whether any classified information had been stored in Patel's personal account in violation of federal records-handling requirements, though no such finding had been made.

The breach came at a particularly sensitive moment for the FBI, which is simultaneously managing counterintelligence operations related to the Iran conflict, overseeing the physical security of federal buildings amid the ongoing wave of domestic protests, and dealing with a separate controversy after Trump administration officials reportedly ordered FBI agents to gather decade-old documents related to Representative Eric Swalwell of California. Cybersecurity analysts at Mandiant and CrowdStrike issued advisories following the Handala announcement warning government officials and senior private-sector executives to audit their personal email accounts and enable hardware security keys as a second authentication factor, noting that the tactic of using personal accounts to access professional contacts' information has become a standard Iranian intelligence technique.