
Audio By Carbonatix
FBI Director Kash Patel's personal email account has been hacked by an Iran-linked group, the agency has confirmed.
A group, known as the Handala Hack Team, shared Patel's purported resume and photos of him on its website on Friday along with a statement that says: "This is just our beginning."
The FBI said it was aware of "malicious actors" targeting Patel's email information. "The information in question is historical in nature and involves no government information."
The agency is offering up to $10m (£7.5m) for information that helps in identifying members of the Handala group.
Iranian-backed hackers were reported to have breached Patel's private communications in 2024, weeks before he was appointed to lead the FBI. It is not clear if that breach was different from the one claimed by the Handala group on Friday.
Photos Handala claims to have taken from Patel's email account have been circulating on social media with the group's logo added as a watermark.
The photos show Patel at various unidentified locations, including standing beside a vintage convertible, smiling next to a jet, smoking and sniffing cigars, taking a selfie next to a bottle of liquor, and posing in what appear to be restaurants and hotels.
The BBC has not independently verified the leaked documents.
Cynthia Kaiser, senior vice-president at Halcyon Ransomware Research Center, told the BBC that Friday's release was likely from a historical breach.
"The emails look very old and that makes me believe that this is likely a compromise that occurred from other groups in another time period, and is recycled today," Kaiser, who has worked at the FBI's Criminal, Cyber, Response, and Services Branch, said.
The Handala group said in its statement announcing the hack that the "so-called 'impenetrable' systems of the FBI were brought to their knees within hours by our team. This is the security that the US government boasts about?! This is the cyber giant that thinks threats and bribes can silence the voice of resistance?!"
Experts say this kind of operation on a senior US government official may not take much sophistication to achieve.
"Personal accounts don't have the same level of protection and alerting as government systems, so these are often an attractive target for hackers," said Dave Schroeder, director of National Security Initiatives at the University of Wisconsin–Madison.
"Handala consistently tries to gain this type of access because it serves their interests to claim hacks of prominent people and organizations," Schroeder added.
Last week, the US justice department seized several Handala domain names it says were involved in hacking schemes linked to the Islamic Republic of Iran.
The department said Iran's Ministry of Intelligence and Security (MOIS) had been using the Handala websites to spread "terrorist propaganda", conduct "attempted psychological operations targeting adversaries of the regime", claim credit for hacking activity, and call for the killing of journalists and dissidents.
The domain used to carry out the hack against Patel was registered the same day the justice department announced it had seized the four domains associated with the group, on 19 March, CBS News, the BBC's US partner, reported.
Handala said its hacking of Patel's email account was in retaliation for the FBI's seizure of its websites, as well as for the FBI offering a reward of $10m for information on similar malicious attacks.
Earlier in March, Handala group also claimed responsibility for the cyber-attack on US medical technology firm Stryker.
The incident saw the company's employee login defaced with a message claiming data had been erased in a "wiper" attack by the Iran-backed group of hacktivists.
In a post at the time on their now-suspended X account, Handala claimed it had wiped "over 200,000 systems, servers and mobile devices", and extracted "50 terabytes of critical data".
The group said the Stryker cyber-attack was "in retaliation for the brutal attack" on an Iranian girls' school at the start of the war, in which more than 160 people were killed, as well as "in response to ongoing cyber assaults against the infrastructure" of Iran and its allies.
Latest Stories
-
Asiedu Nketia calls for overhaul of global economic order, says Africa’s sovereignty remains incomplete
17 minutes -
Sahel extremist groups pushing south toward Ghana, CDS warns of growing security threat
23 minutes -
Edward Debrah writes: Flood prevention in Accra
32 minutes -
NPP laid foundation for flood control, don’t ignore achievements – Baffour Awuah
37 minutes -
NADMO registers 1,401 victims after Odawna Rubber Market fire disaster
48 minutes -
GARID delays due to fiscal constraints, not neglect — Atta Issah defends government
53 minutes -
Solvent governments may default if they lack liquidity to repay loans – World Bank
1 hour -
It’s not a they problem, it’s our problem: We must learn to speak up regardless
1 hour -
NADMO, Zoomlion launch multi-site drain clearing exercise to curb flooding in Greater Accra
1 hour -
PR professionals embrace AI at WPRD Festival 2026 MasterLAB
2 hours -
Minority Women’s Caucus condemns attack on Adwoa Safo, demands full police probe
2 hours -
Body of teenage girl retrieved from vehicle at Alajo after floods
2 hours -
EPA eyes redeployment of idle Zodiac boat to fight water pollution and flooding
2 hours -
Flood victims in Accra to receive free NHIS registration as health authorities warn of disease risk
2 hours -
Parliament ratifies air services agreements with six countries to boost connectivity
3 hours