The director of the FBI kept a personal Gmail account. Iranian government-linked hackers found their way in. Now they’re publishing what they took.

On Friday, a hacking group calling itself Handala published more than 300 emails and photographs that it claims were pulled from FBI Director Kash Patel’s personal inbox. A Justice Department official confirmed the breach to Reuters, saying the material appeared authentic. TechCrunch verified several of the leaked emails using cryptographic signatures embedded in the message headers — a technical check that strongly suggests the files are genuine.

The photographs show a younger Patel smoking cigars, riding in an antique convertible, and posing with a large bottle of rum. The emails, according to multiple outlets that reviewed them, span from roughly 2010 to 2019 — years before Patel joined the Trump administration or took the helm at the FBI. The most recent file appears to be a plane ticket receipt from 2022.

The content is largely personal. But the breach itself is the story.

A Personal Inbox in a Sensitive Job

Patel was warned in late 2024 that he was being targeted by Iranian hackers before he accepted the FBI director role, according to NBC News. U.S. officials told him that hackers working for Iran’s Islamic Revolutionary Guard Corps had sought his communications in the lead-up to the 2024 election, part of a broader campaign targeting political figures affiliated with both Donald Trump and Joe Biden.

Despite that warning, Patel’s personal Gmail account — the same address linked to him in previous third-party data breaches — remained active and apparently accessible.

The hackers didn’t need to break into government systems. They needed to break into Gmail.

Retaliation, Not Espionage

Handala framed the leak as retaliation. Last week, the FBI and Justice Department seized four domains associated with the group, formally accusing Iran’s Ministry of Intelligence and Security of operating Handala as part of its psychological operations. The State Department simultaneously offered a $10 million reward for information on Iranian hackers threatening U.S. critical infrastructure.

“The FBI shouldn’t have started a confrontation and conflict with us,” the group posted on its Telegram channel Thursday, according to NBC News. That channel has since been deleted.

The timing suggests this wasn’t a fresh intrusion. Alex Orleans, head of threat intelligence at cybersecurity firm Sublime Security, told NBC News that the material appears to be older data that Iranian actors had been holding in reserve.

“Looks like something they had sitting around,” Orleans said. “Iranian actors sit on all kinds of odds and ends for a rainy day.”

Orleans noted that if the hackers had more recent or damaging material, they likely would have released it. The curated dump — arranged into folders last modified in May 2025 — appears to be what they had on the shelf.

The Broader Digital Offensive

The Patel leak is one piece of a larger Iranian cyber campaign that has intensified since the U.S.-Israeli war against Iran began in February.

Handala’s most significant claim to date is the March 11 attack on Stryker, a Michigan-based medical device manufacturer. The group said it wiped tens of thousands of employee devices in a destructive malware attack. Stryker confirmed it was restoring systems but said its products remained safe.

The group has also published personal details of individuals it claims are Israeli Defense Forces members and local defense contractors.

When the FBI seized Handala’s domains last week, the group was back online within a day on new addresses. Ari Ben Am, an adjunct fellow at the Foundation for Defense of Democracies, told Reuters that such takedowns have never significantly slowed Iranian hacking operations.

“Handala alone has had tens of Telegram channels, X accounts and domains taken down,” Ben Am said.

The Institutional Question

If the director of the FBI can be compromised through a personal email account, the implications extend beyond one official’s privacy.

Western intelligence agencies have spent years warning government personnel — particularly those in sensitive positions — to avoid using personal email and messaging services for any work-related communication. The FBI itself has investigated similar breaches targeting political figures, including the 2016 hack of John Podesta’s Gmail account.

Patel’s emails predate his government service, so there’s no indication yet that classified or operationally sensitive information was exposed. But the breach demonstrates how personal digital footprints can become vulnerabilities, especially for public figures who have been explicitly warned they’re being targeted.

The FBI did not immediately respond to a request for comment. Google, which operates Gmail, did not respond to requests for comment from multiple outlets.

Handala has at times exaggerated its claims — it recently said it hacked an Israeli telecom company that denied any breach. But the authentication of at least some of the Patel files suggests this intrusion was real.

Iran is fighting a war on multiple fronts. This is what the digital front looks like.
