On Friday, March 27, 2026, the hacker group Handala published photographs, a resume, and years of email correspondence taken from FBI Director Kash Patel's personal Gmail account. The group posted the material on its website along with the message: "Kash Patel, the current head of the FBI, who once saw his name displayed with pride on the agency's headquarters, will now find his name among the list of successfully hacked victims." A Justice Department official confirmed to Reuters that Patel's personal email had been compromised and that the published material appeared authentic. The emails reviewed by multiple outlets appear to span from 2010 to 2019 and include a mix of personal, business, and travel correspondence. The FBI said it was offering up to $10 million for information about Handala's members.
Who Handala Is.
Handala Hack Team describes itself as a pro-Palestinian, pro-Iranian hacking collective. Western cybersecurity researchers and the US Justice Department consider it to be one of several online personas operated by Iran's Ministry of Intelligence and Security. It is not an independent activist group — it is effectively an arm of the Iranian government conducting deniable cyber operations. Earlier this month, Handala claimed responsibility for a destructive cyberattack on Stryker, a Michigan-based medical technology company, that wiped tens of thousands of employee devices. The Justice Department responded by seizing four of Handala's web domains and announcing the $10 million reward. Handala's stated reason for hacking Patel: revenge for those domain seizures. Their message: "If your director can be compromised this easily, what do you expect from your lower-level employees?"
On March 19, Patel announced the seizure of Handala's domains at a press conference, saying: "Iran thought they could hide behind fake websites and keyboard threats to terrorize Americans and silence dissidents." Eight days later, Handala published his Gmail.
This Is the Second Time. He Was Warned.
This is not the first Iranian breach of Patel's private communications. In late 2024 — weeks before he was appointed to lead the FBI — Patel was informed by officials that he had been targeted as part of an Iranian hack and that some of his personal communications had been accessed. That 2024 hack was part of a broader effort by Chinese and Iranian hackers to access incoming Trump officials' private accounts, including now-Deputy Attorney General Todd Blanche and others. Patel was warned. He became FBI director. He was still using a personal Gmail account for a decade of correspondence. The FBI's own guidance to the public and to federal employees has long warned against using personal email for any sensitive communications. The FBI director was using Gmail. Iran hacked it.
What the FBI Says Was in It. What Handala Claims.
The FBI said in a statement that "the information in question is historical in nature and involves no government information." Handala claims to have published "personal and confidential information of Kash Patel, including emails, conversations, documents, and even classified files." The discrepancy between "no government information" and "classified files" has not been resolved publicly. The leaked material reviewed by multiple outlets showed personal correspondence, a resume, and photographs — including pictures of Patel standing beside cars with Cuban license plates and smoking cigars. TechCrunch independently verified that some of the leaked emails came from Patel's Gmail by checking information in the message headers. The Gmail address matched one previously linked to Patel in older data breaches tracked by a dark web intelligence firm. The material's authenticity has not been disputed by Patel or the DOJ — only its classification status.
This post distinguishes between documented facts, allegations, and analysis. Where motive, intent, corruption, or illegality remains disputed in the public record, the text attributes that judgment to court findings, official records, direct quotes, or the reporting linked below.
- CNN: DOJ official confirmed breach; emails appear authentic; 2024 hack of Patel confirmed; broader Iranian hacking campaign targeting Trump officials.
- Axios: Handala's stated motivation (domain seizure retaliation); Cuba license plate photos; $10M reward announced; Handala considered backed by Iranian intelligence.
- TechCrunch: Independent verification of emails via message headers; Gmail address confirmed via dark web data breach records; FBI statement "no government information" explained.
- CNBC / Reuters: DOJ official confirms breach; Reuters unable to independently authenticate full dump but sample appears authentic; Handala previously attacked Stryker medical tech.
- Newsweek: Full Handala statement published; FBI offering $10M reward for Handala members; group called FBI "just a name" with "no real security."