Pro-Iran hackers published more than 300 emails and photos Friday from what appears to be a personal email account for FBI Director Kash Patel.
In a statement, an FBI spokesman acknowledged the Iranian campaign. "The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity. The information in question is historical in nature and involves no government information," the spokesman said.
The hacking group, called Handala, indicated on its website that the leak was in retaliation after the FBI and Justice Department seized several of its websites last week, accusing the group of “psychological operations” and saying it was a front for Iran’s Ministry of Intelligence and Security. The State Department offered a reward of up to $10 million for information on Iranian hackers threatening U.S. critical infrastructure.
Earlier this month, Handala took credit for the sole significant destructive cyberattack against an American company, medical tech supplier Stryker, since the war between Iran and the U.S. and Israel began.
NBC News did not forensically verify all the emails as authentic.
The group published on its website several photos of Patel that do not appear to have previously been made public, according to an NBC News review through several reverse-image searches. The hacked emails appear to have been sent from or to a personal Gmail account that is listed as belonging to Patel in at least one public government document. Gmail didn’t respond to a request for comment.
Handala posted on its Telegram channel on Thursday that the FBI “shouldn’t have started a confrontation and conflict with us.” It also said it would soon post evidence of “the biggest security breach of the past decade.” That Telegram channel has since been deleted. Telegram didn’t respond to a request for comment.
All of the emails predate Patel’s work with the Trump administration, and metadata from the files indicate they were hacked before the war began. The emails Handala posted are curated and are arranged into folders last modified on May 21, 2025. Most of the emails are dated between 2010 and 2012, and the most recent is a plane ticket receipt from 2022.
In one email in the dump from 2014 — when he worked in the Justice Department’s National Security Division — Patel appears to have used his DOJ email to send himself a link, cc’ing both his FBI address at the time and his personal Gmail
Many of the emails are personal and involve correspondence among Patel’s family. Some are of Patel appearing to be on a trip to Cuba.
U.S. officials told Patel in late 2024 that he had been the target of an Iranian cyberattack before he agreed to lead the FBI, and that the hackers had sought his communications.
In the lead-up to the 2024 election, the FBI, Microsoft and Google each said that hackers working for Iran’s Islamic Revolutionary Guard Corps had tried to hack multiple political figures, including affiliates of Donald Trump and Joe Biden when he was running for re-election.
The hackers do not appear to have leaked files from Democrats. But a hacker persona calling itself “Robert” approached multiple news outlets, including NBC News, with stolen vetting documents for three of Trump’s top choices for vice president ahead of Election Day. NBC News and several other news outlets declined to publish the files and did not see substantial new information in them.
The Robert persona told Reuters in 2025 that it planned to leak more emails it had stolen from Trump allies, though it’s not clear whether that materialized. A Signal account previously used by the Robert persona did not respond to a request for comment from NBC News.
Handala often takes credit for hacking companies and then posting some hacked files on its site. It has at times exaggerated its claims. Earlier this month, it claimed to have hacked Verifone, an Israeli telecom company, though a Verifone spokesperson told NBC News it had not experienced any attacks on or disruptions to its systems.
Alex Orleans, the head of threat intelligence at the cybersecurity company Sublime Security, told NBC News that Iran appears to have hacked Patel earlier and had strategically waited to release the files.
“Looks like something they had sitting around,” Orleans said. “Iranian actors sit on all kinds of odds and ends for a rainy day.”
“Given recent controversies surrounding Patel, I expect the Iranians would’ve chosen to release significantly more contemporary — and potentially embarrassing — content if they had a recently open line of access as opposed to something they had on the shelf,” he said.
