Credential theft

Handala Hacks FBI Director Kash Patel Personal Email — Iranian Intelligence Operation

📅 2026-03-25 🏢 FBI Director Kash Patel personal email account

Incident Details

In late March 2026, Handala — an Iranian state-linked hacktivist group that has previously conducted operations attributed to Iran’s IRGC — published photographs and alleged personal emails obtained from FBI Director Kash Patel’s personal email account. Handala posted the materials online as a demonstration of access to the FBI director’s personal communications. Kash Patel was confirmed as FBI Director in February 2025 following his nomination by President Trump.

The breach of a sitting FBI Director’s personal email represents an extraordinarily sensitive national security incident, as the FBI Director has access to intelligence briefings, law enforcement sensitive information, and communications with senior US government officials. The use of a personal (non-government) email account for any official or semi-official communications creates a significant vulnerability exploitable by adversaries.

Handala has been active since at least 2023 and has claimed credit for multiple cyberattacks against Israeli and US targets in conjunction with broader Iranian retaliatory activities. The FBI confirmed it was aware of the incident and investigating. The Department of Justice opened a criminal inquiry. Separately, US federal agents seized four web domains associated with Handala’s Iranian online leak infrastructure in the days following the Patel email disclosure — part of broader US government action to disrupt Iranian cyber-enabled influence operations. The Handala group was also responsible for the March 2026 Stryker Medical wiper attack.

Technical Details

Initial Attack Vector
Handala — an Iranian state-linked hacktivist group operating as a persona for Iran's IRGC (Islamic Revolutionary Guard Corps) — obtained access to FBI Director Kash Patel's personal email account and/or cloud storage through unknown means, likely credential theft, SIM swapping, or exploitation of a third-party service.
Vendor / Product
FBI Director Kash Patel personal email account

Timeline

  1. 2026-03-25 Breach occurred
  2. 2026-03-27 Publicly disclosed