The US Federal Bureau of Investigation has acknowledged that the personal email account of its director, Kash Patel, was targeted by what it described as “malicious actors,” after a group claiming links to Iran published alleged materials online.

The group, calling itself the Handala Hack Team, released what it said were documents and images taken from Patel’s private account, accompanied by a statement suggesting further disclosures could follow. Some of the material has since circulated widely on social media, carrying the group’s watermark, though its authenticity has not been independently verified.

In a brief response, the FBI said it was aware of the incident and indicated the information involved appeared to be historical and did not include government data. The agency did not elaborate on how the breach occurred or when the underlying compromise may have taken place.

Cybersecurity analysts familiar with the matter suggested the timing of the release may not reflect a recent intrusion. Cynthia Kaiser, a senior vice-president at Halcyon Ransomware Research Center, told the BBC the content appeared dated, raising the possibility it originated from an earlier breach and has now resurfaced.

That assessment aligns with earlier reports indicating Iranian-backed hackers had accessed Patel’s private communications in 2024, shortly before his appointment to lead the FBI. It remains unclear whether the latest claims relate to that episode or represent a separate incident.

The images attributed to the breach show Patel in a range of informal settings, including near a vintage convertible, beside a jet, and in what appear to be restaurants and hotels. Their circulation has drawn attention not only for their content but also for the broader implications of personal account security among senior officials.

Experts note that private email accounts often lack the layered protections found in government systems, making them more vulnerable to intrusion. Dave Schroeder, who directs national security initiatives at the University of Wisconsin–Madison, said such accounts can be attractive targets for groups seeking visibility as much as access.

The Handala group has previously claimed responsibility for other cyber operations and, according to US authorities, has been linked to activities associated with Iran’s Ministry of Intelligence and Security. The US Justice Department said recently it had seized several domains tied to the group, alleging they were used for propaganda and cyber operations.

The same group framed the alleged breach of Patel’s account as retaliation for those actions, as well as for a standing FBI reward of up to $10 million for information leading to the identification of individuals behind similar cyber activities.

In recent weeks, Handala has also claimed involvement in an attack on a US medical technology firm, though those claims have not been independently confirmed.