Hacking collective Handala, linked to Iran, claims it breached the personal Gmail of FBI Director Kash Patel and published a cache of his personal emails, photos, and documents dating from roughly 2011 to 2022 on its site.

Reuters corroborated the breach through a Justice Department official, and the reporting places Handala within a broader pattern of Iran-linked cyber activity, including attacks on other targets and disclosures of personal details tied to Israeli defense entities.

Tech news outlets sought comment from Patel and others and noted they would provide contact details for further information as the investigation unfolds.

U.S. officials warn of ongoing cybersecurity risks from Tehran-linked actors amid heightened regional tensions, suggesting such operations may be used for leverage or intimidation.

The cyber activity by Iranian actors follows recent escalations in U.S.-Israel strikes against Iran, with experts noting that the attacks often aim to disrupt or pressure rather than cause direct government breaches.

Cable news outlets reported on the investigation, with anchors and reporters discussing the findings as part of ongoing coverage.

Handala has previously claimed assaults on targets such as Stryker and other entities, framing actions as retaliation for U.S. military actions against Iran and aligning with pro-Iranian and pro-Palestinian messaging.

The published materials include personal, business, and travel correspondence, with authenticity suggested by people familiar with the incident.

Historical precedents of similar breaches, such as high-profile Gmail and AOL breaches in past years, are cited to illustrate how less sophisticated hacks can still have public impact.

The FBI and the Department of Justice say the information involved is historical and not connected to government data, with steps taken to mitigate potential risks.

Handala has previously targeted Patel and other perceived Trump-associated officials, reflecting a pattern of retaliatory cyber operations linked to Iran.

U.S. intelligence and the DOJ attribute the attackers to Iran’s Ministry of Intelligence and Security, and authorities have taken actions such as seizing related websites.