FBI Director Kash Patel's personal Gmail hacked as Iran escalates cyberattacks on US officials

An Iran-linked hacktivist group has claimed responsibility for breaching the personal Gmail account of FBI Director Kash Patel, publishing photographs, a resume, and a sample of emails online. The FBI confirmed the incident on 27 March 2026, stating that the compromised material was historical in nature and contained no government information.

The group responsible, Handala Hack Team, posted photographs of Patel alongside documents it claimed were stolen from his personal account, including what appeared to be an older version of his professional resume. In a statement, the FBI said it had taken "all necessary steps to mitigate potential risks associated with this activity" and confirmed the breach involved no official government inboxes.

According to multiple US news media reports, a review of the leaked files found a sample of more than 300 emails appearing to show personal and professional correspondence dating between 2010 and 2019. News outlets noted they were unable to independently authenticate all of the messages, though the Gmail address Handala claimed to have accessed matched one linked to Patel in previous data breaches preserved by dark web intelligence firms.

Media reports described the contents as largely mundane, including photographs and messages exchanged with family members, correspondence related to personal tax filings, and communications with property leasing agents about Washington DC apartments Patel had considered renting more than a decade ago.

Context and claimed motive

Handala publicly said the attack was a direct response to an FBI operation the prior week that seized several of the group's domains. The group claimed responsibility for a destructive cyberattack on US medical technology company Stryker that reportedly wiped tens of thousands of employee devices. Accor’s devices. According to news reports, the seized websites returned online on new domains shortly after the FBI action.

Independent cybersecurity analysts cited in media coverage described the hack-and-leak operation as consistent with Iran's broader strategy of targeting senior US officials to cause reputational and psychological pressure, rather than to extract operationally sensitive intelligence. Experts also cautioned that groups such as Handala are known to exaggerate the scale and significance of their intrusions, and that independent verification of the full scope of the breach remains ongoing.

Not the first targeting of Patel

According to news reports citing sources familiar with the matter, this is not the first time Iranian-linked actors have targeted Patel's personal accounts. In late 2024, weeks before his confirmation as FBI Director, Patel was reportedly informed by officials that he had been targeted as part of a broader Iranian hacking campaign in which some of his personal communications had been accessed.

That earlier incident was reported as part of a wider foreign hacking effort targeting incoming Trump administration officials, with media reports naming China and Iran as the state actors involved. Other reported targets at the time included now-Deputy Attorney General Todd Blanche and Donald Trump Jr.

Broader escalation

News organisations covering the incident noted that Iran-linked cyber groups had maintained a relatively low profile following coordinated US and Israeli military strikes against Iran last month, but have increasingly publicised their operations as the conflict has continued. In addition to the Stryker attack, Handala has reportedly claimed the publication of personal data belonging to dozens of employees of US defence company Lockheed Martin stationed in the Middle East, as well as data linked to Israeli Defence Forces personnel.

The Justice Department has previously accused Handala of operating on behalf of Iran's Ministry of Intelligence and Security. The State Department has offered a reward of up to $10 million for information leading to the identification of the group's members.

Media reports noted that personal email breaches of senior government officials are not without precedent. In 2015, hackers broke into then-CIA Director John Brennan's personal account, and ahead of the 2016 US presidential election, hackers accessed the Gmail account of Hillary Clinton's campaign chairman John Podesta, with stolen material subsequently published publicly.