Iran-linked hackers claimed they had accessed FBI Director Kash Patel’s personal email inbox.
The group Handala Hack Team published photographs of Donald Trump’s law enforcement chief and other documents to the internet on Friday.
On their website, they said Patel “will now find his name among the list of successfully hacked victims”.
Personal images shows Patel sniffing and smoking cigars, riding in an antique convertible and making a face while taking a picture of himself in the mirror with a large bottle of rum.
A Department of Justice official confirmed that Patel’s email had been breached and said the material published online appeared authentic.
The FBI and the hackers did not respond to a request for comment.
Handala, which presents itself pro-Palestinian vigilantes, is considered by Western researchers to be one of several personas used by Iranian government cyberintelligence units.
It recently claimed the hack of Michigan-based medical devices and services provider Stryker on March 11, saying they had deleted a massive trove of company data.
Alongside the photographs of Patel, the activists published a sample of more than 300 emails, which appear to show a mix of personal and work correspondence dating between 2010 and 2019.
Reuters said it was not able to independently authenticate the Patel messages, but the personal Gmail address that Handala claims to have broken into matches the address linked to Patel in previous data breaches preserved by the dark web intelligence firm District 4 Labs.
Alphabet-owned Google, which runs Gmail, did not immediately respond to a request for comment.
JUST IN - FBI director Kash Patel's personal email address hacked, says DOJ. This comes only a day after Iran-linked Handala hacking group claims it breached the FBI: "Soon you will realize that the FBI's security was nothing more than a joke." pic.twitter.com/XeuogL8I0Y
— Disclose.tv (@disclosetv) March 27, 2026
Iran-linked hackers - who initially kept a low profile after the United States and Israel launched coordinated strikes against the Islamic Republic last month - have increasingly boasted of their cyber operations as the conflict drags on.
In addition to the hack against Stryker, Handala on Thursday claimed to have published the personal data of dozens of Lockheed Martin employees stationed in the Middle East.
In a statement, the defence firm said it was aware of the reports and had policies and procedures in place “to mitigate cyber threats to our business”.
Gil Messing, chief of staff at Israeli cybersecurity company Check Point, said the hack-and-leak operation against Patel was part of Iran’s strategy to embarrass US officials and “make them feel vulnerable”.
The Iranians, he said, are “firing whatever they have”.
It is not unusual for foreign hackers to target senior officials’ personal emails, and breaches and leaks both happen periodically.
Hackers famously broke into Hillary Clinton campaign chairman John Podesta’s personal Gmail account ahead of the 2016 election and published much of the data to the WikiLeaks site.
In 2015, teenage hackers broke into then-CIA director John Brennan’s personal AOL account and leaked data about US intelligence officials.
Relatively unsophisticated breaches of this nature are in line with an intelligence assessment reviewed by Reuters on March 2.
It said Iran and its proxies could respond to the killing of Iranian Supreme Leader Ayatollah Ali Khamenei with low-level hacks against American digital networks.
Iran-linked hackers may have other emails in reserve.
