The director of the Federal Bureau of Investigation has had his personal email hacked by an Iranian cyber-warfare group — and the contents are now online for the world to see. Handala, a hacking collective linked to the Iranian government, published a sample of more than 300 emails from Kash Patel’s personal Gmail account on Friday, along with personal photographs spanning years of his private life.

The emails appear to be a mix of personal and professional correspondence dating from 2010 to 2019 — years before Patel became FBI director. The hackers also published photographs of a younger Patel smoking cigars, posing in an antique convertible, and taking a mirror selfie with a large bottle of rum.

The FBI’s response

The Bureau moved quickly to contain the damage. A spokesperson said the FBI was “aware of the breach and has taken all necessary steps to mitigate potential risks,” adding that “the information in question is historical in nature and involves no government information.”

That distinction matters. If the hackers had accessed Patel’s current government communications, the breach would be a national security catastrophe. The FBI insists this is limited to an old personal account. But the optics are devastating: the man who runs America’s premier law enforcement agency cannot keep his own email secure.

Why now?

Handala says the breach is retaliation for the FBI’s seizure of several of the group’s domains last week. The Bureau took that action after Handala claimed responsibility for a destructive cyberattack on US medical technology company Stryker, which disrupted hospital supply chains across the eastern United States.

Since the US-Israeli war against Iran began in late February, Handala has dramatically escalated its operations. The group has claimed credit for attacks on critical infrastructure, corporate targets, and now the personal accounts of senior government officials. The Stryker attack alone caused an estimated $400 million in losses.

The $10 million bounty

The FBI is offering up to $10 million in rewards for information leading to the identification or location of the Handala hackers. That bounty places the group in the same category as the most dangerous cyber threats the US government tracks.

The breach raises uncomfortable questions about the cybersecurity posture of America’s top officials during wartime. If the FBI director’s personal email can be compromised, what about the personal accounts of the defence secretary, the CIA director, or the president himself? Iran may not be winning the war in the air, but in cyberspace, it is landing punches.