Frontierbeat

Iran Hacked the FBI Director’s Personal Email. The DOJ Says It’s Real. Kash Patel Hasn’t Said a Word

TL;DR

The FBI director’s personal email was hacked. Iran did it. The DOJ confirmed it’s real. And Kash Patel hasn’t said a word.

Iran-linked Handala Hack Team claimed responsibility Thursday for breaching Patel’s personal Gmail account, publishing a sample of more than 300 emails spanning 2010 to 2019. The FBI confirmed the breach, saying it is “aware of malicious actors targeting Director Patel’s personal email information” — while noting the content is “historical in nature and involves no government information.”

Handala disputes the FBI’s framing. In their official statement, the group said they obtained “emails, conversations, documents, and even classified files” — a direct contradiction of the government’s downplaying. They added: “The so-called ‘impenetrable’ systems of the FBI were brought to their knees within hours by our team.”

“Kash Patel, the current head of the FBI, who once saw his name displayed with pride on the agency’s headquarters, will now find his name among the list of successfully hacked victims… If your director can be compromised this easily, what do you expect from your lower-level employees?”

— Handala Hack Team statement, March 27, 2026

The statement was dedicated to “the martyrs of the Dena destroyer” — a reference to Iranian military losses — and closed with a warning: “This is just our beginning.”

What the Kash Patel Email Hack Actually Exposed

The leaked archive covers a decade of personal and professional correspondence — including travel records, business dealings, and private life details. Among the disclosures: emails referencing an Indian bank account and residence in Baroda, India, and travel records showing a trip to Havana, Cuba.

Then the OSINT community got involved. Researchers at International Cyber Digest ran the leaked email aliases — “spiderkash” and “patelkpp” — through open-source databases and found a wide trail of accounts. Findings included a Mindbody fitness app listing Patel as female, an xVideos account under the handle “SpiderKash” created in January 2020 with video reviews left on the platform, an active eBay account, and Snapchat usage. Fashion purchases were traced to Hong Kong. His Gmail was reportedly still being accessed just hours after the breach went public.

One finding drew particular attention online: Patel’s Telegram bio apparently listed the Israeli flag before the American flag.

Who Is Handala — and Why They Targeted Patel

Handala isn’t new. Western intelligence and cybersecurity researchers have linked the group to Iran’s Ministry of Intelligence and Security (MOIS), and it has been escalating operations for months. In March, the group claimed a devastating wiper attack on medical devices company Stryker — allegedly erasing data from over 200,000 devices across 79 countries. They also leaked personal data on dozens of Lockheed Martin engineers working on F-35 and THAAD maintenance for Israeli military projects.

The Patel hack was direct retaliation. Days before the breach, the FBI seized Handala’s websites, with the DOJ calling them Iranian state-run “psychological operations.” The Trump administration simultaneously placed a $10 million bounty on Handala members’ heads.

Handala responded by hacking the man who runs the FBI.

Not the First Time: A Pattern of Trump-Era Security Failures

This isn’t an isolated incident. It fits a pattern.

Just last year, in what became known as “Signalgate,” Trump’s National Security Adviser Michael Waltz accidentally added The Atlantic’s editor-in-chief Jeffrey Goldberg to a senior officials’ Signal group chat — one being used to coordinate live military strikes on Houthi targets in Yemen. Defense Secretary Pete Hegseth had shared detailed attack plans in the chat: aircraft types, strike timing, targeting specifics. Two hours after Goldberg received the messages, U.S. airstrikes began.

The officials were using Signal — a consumer messaging app — to discuss what amounted to classified military operations.

The Trump administration offered no explanation for why classified information was being handled outside approved government systems either.

The officials running U.S. national security keep discussing it on apps that weren’t built for it, storing it in places it shouldn’t be, and getting caught.

The Silence — and the Contradiction

Patel has made no public statement. No press release, no social post, nothing.

The FBI’s official line — that the emails are “historical” and contain “no government information” — is now being openly challenged by the hackers themselves, who claim classified files are in the dump. Independent verification of the full archive hasn’t been completed, but the DOJ’s authentication of the sample means the baseline material is real.

It’s a striking moment: the same week that AI researchers warned that new models are becoming dangerously capable at exploiting systems faster than defenders can respond, the sitting FBI director had his personal inbox cracked by a foreign nation-state — using an account called SpiderKash.