FBI hacked — how many times does the premier U.S. law enforcement agency need to be breached before the pattern looks structural?
In March 2026 alone, three separate cybersecurity incidents struck the Federal Bureau of Investigation (FBI).
- First, suspected Chinese hackers penetrated the bureau’s wiretap and surveillance network through a supply-chain compromise discovered on February 17.
- Second, a Reuters exclusive published on March 11, 2026 revealed that a foreign hacker had accessed Jeffrey Epstein investigation files on an FBI server in 2023. The bureau suppressed that detail for three years.
- Third, on March 27, an Iran-linked group breached FBI Director Kash Patel’s personal email. The group published over 300 messages, photographs, and documents online.
Individually, each incident warrants scrutiny. Together, they add another chapter to a vulnerability record stretching back to 2011. Moreover, every new FBI hacked headline carries direct consequences for defence readiness, aerospace supply-chain security, intelligence-sharing confidence, and allied trust. This investigation traces the full timeline, compares sources, identifies what remains unresolved, and asks what the evidence implies for anyone who depends on the bureau’s digital integrity.
FBI Hacked: The 2026 Wiretap Network Breach Changes the Calculus
How the FBI cyber attack on DCS-3000 unfolded
On February 17, 2026, FBI analysts flagged abnormal log activity on the bureau’s Digital Collection System Network (DCS-3000). This internal, unclassified system — sometimes called Red Hook — manages court-authorised wiretaps, pen registers, trap-and-trace data, and Foreign Intelligence Surveillance Act (FISA) warrants. CNN broke the story on March 5, 2026, citing an anonymous source. The bureau confirmed the breach that same day.
“The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond.” — FBI spokesperson, via TechCrunch
Notably, the compromised system held law enforcement sensitive information rather than classified intelligence. However, that distinction matters less than the FBI’s framing suggests. Specifically, the DCS-3000 stores personally identifiable information on FBI investigation subjects, including wiretap returns and other surveillance data, according to Malwarebytes. Consequently, the exposed material includes metadata showing which phone numbers surveillance targets dialled. It also includes personal details of people under investigation. Additionally, it includes legal process returns gathered under court orders.
The FBI breach path ran through a supply-chain side door
The attackers did not strike the FBI’s perimeter directly. Instead, they exploited a commercial Internet Service Provider (ISP) that served as a bureau vendor, according to Aardwolf Security. This approach bypassed the FBI’s own defences entirely. For aerospace professionals and defence contractors, this method will feel familiar. Adversaries increasingly target tier-two and tier-three suppliers rather than a prime contractor’s hardened perimeter.
By March 7, 2026, U.S. investigators suspected hackers affiliated with the Chinese government were responsible, according to the Wall Street Journal, as cited by State of Surveillance. Specifically, investigators are examining possible connections to Salt Typhoon. Salt Typhoon is the People’s Republic of China (PRC)-backed group that breached nine or more U.S. telecom companies in 2024. However, the FBI has not issued formal attribution. Until the investigation concludes, the responsible actor remains unconfirmed.
Moreover, the White House, National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Department of Homeland Security (DHS) all joined the probe. That interagency mobilisation signals a top-tier national security event. It does not signal a routine IT matter.
Why this FBI hacked revelation matters for defence and aerospace
The operational implications extend well beyond the FBI itself. Investigation subjects could discover they are under surveillance. Consequently, they could alter their behaviour or flee. Additionally, confidential informants face potential exposure. Criminal defendants may also challenge evidence integrity in court.
“The concern here is largely operational integrity and not necessarily data loss — at least not yet.” — Gabrielle Hempel, Security Operations Strategist, Exabeam, via Cybernews
“[The breach] comes at a time when federal cybersecurity capabilities are under increasing strain.” — Sally Vincent, Senior Threat Research Engineer, Exabeam, via Cybernews
Vincent added that many of the FBI’s top cyber leaders have reportedly left, retired, or been fired. That personnel drain matters for every active counterintelligence case. Institutional knowledge in counterintelligence is not easily rebuilt. Meanwhile, the DCS-3000 programme maintained a US$30 million budget in 2024, according to HigherGov data cited by Cybernews.
As explored in China Cyber Underworld Unmasked: The OPM Breach, Sakula, and the Evolution of Cybercrime, Chinese state-sponsored intrusion campaigns have followed a consistent playbook for over a decade. They identify the supply chain, compromise the vendor, move laterally, and extract intelligence value before detection. This FBI hacked revelation fits that operational model precisely. For every defence contractor whose classified programme depends on FBI counterintelligence protection, the conclusion is direct. Your programme is only as secure as the bureau’s weakest vendor.
Readers should watch for the FBI’s formal attribution announcement. They should also monitor whether Congress uses this breach to reshape FISA Section 702 reauthorisation debates. Additionally, any disclosure of compromised active investigations would change the damage assessment entirely.
The Epstein Files FBI Breach Exposed a Three-Year Secret
A server left exposed on Super Bowl Sunday
On March 11, 2026, Reuters published an exclusive revealing that a foreign hacker had compromised files related to the FBI’s Jeffrey Epstein investigation three years earlier. The hack occurred on February 12, 2023 — Super Bowl Sunday. Specifically, Special Agent Aaron Spivack had inadvertently left a server at the Child Exploitation Forensic Lab vulnerable. He was navigating the bureau’s complex digital evidence handling procedures at the time.
According to a timeline included in Justice Department documents, reported by the Hawaii Tribune-Herald via Reuters, Spivack discovered the intrusion the following day. He found a text file on his computer warning that his network had been compromised. Subsequently, further investigation revealed unusual activity. Someone had been browsing through files connected to the Epstein case.
The FBI reported the breach only as a general “cyber incident” in February 2023. Moreover, the French magazine Marianne first identified the connection to Epstein materials. However, the full details emerged only through Justice Department documents released under the Epstein Transparency Act. ABC News confirmed on March 11, 2026 that the FBI’s investigation remains ongoing.
What the FBI data breach implies for evidence integrity
This episode carries unique implications. The Epstein files contain information about influential figures across politics, finance, academia, and business. Consequently, their intelligence value extends far beyond criminal prosecution.
“Who wouldn’t be going after the Epstein files if you’re the Russians or somebody interested in kompromat?” — Jon Lindsay, Georgia Institute of Technology, via Reuters/Japan Times
Remarkably, the hacker apparently did not realise they had penetrated a law enforcement server. The intruder threatened to report the server’s owner to the FBI after encountering child abuse images, according to Gizmodo. Bureau agents eventually convinced the hacker through a video call. They displayed their credentials during the exchange.
Meanwhile, Spivack told internal investigators he was being made a scapegoat. He argued that complicated and conflicting IT policies were the actual culprit. The FBI called the incident “isolated.” However, that characterisation deserves scrutiny against the broader pattern. Specifically, an isolated breach that exposes files from one of the most politically sensitive investigations in modern American history is not minor. Several critical questions remain unanswered. It is unclear which specific files were accessed. Whether data was downloaded is also unknown. What became of any exfiltrated material remains a mystery. Each FBI hacked incident the bureau labels as isolated adds to a timeline that increasingly contradicts that word.
Readers should watch for two developments. First, whether the ongoing FBI investigation ever results in charges or a public damage assessment. Second, whether congressional oversight demands a full accounting of which Epstein files were exposed. Both outcomes would reshape the credibility of the FBI’s “isolated” framing.
Iran Strikes: The FBI Hacked at Director Level
Handala’s retaliatory FBI hack-and-leak operation
On March 27, 2026, the Handala Hack Team — an Iran-linked hacktivist group tied by U.S. prosecutors to Iran’s Ministry of Intelligence and Security (MOIS) — announced it had breached FBI Director Kash Patel’s personal Gmail account. The group published over 300 emails, personal photographs, travel records, and a copy of Patel’s resume.
“Patel will now find his name among the list of successfully hacked victims.” — Handala Hack Team, via TechCrunch
Moreover, TechCrunch independently verified the authenticity of leaked emails through cryptographic DomainKeys Identified Mail (DKIM) signatures in message headers. Reuters, via CNBC, confirmed the Gmail address matched records found in previous data breaches preserved by the dark web intelligence firm District 4 Labs. The stolen emails spanned approximately 2010 to 2022. They consisted primarily of personal and family correspondence — flight receipts, apartment leasing inquiries, tax conversations, and selfie photographs.
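How the body-hash half of a DKIM check of this kind works, as an added example (not TechCrunch's tooling and not code from any source cited here): it recomputes the bh= value of a DKIM-Signature header as RFC 6376 specifies and compares it with the value in the header. The sample message, the domain mail.example and the selector sel1 are constructed for the demonstration; verifying the b= signature over the headers also needs the signer's public key from DNS and is not done here.

```python
import base64
import hashlib
import re

# Hash function implied by the a= tag of a DKIM-Signature header.
HASHES = {"rsa-sha256": "sha256", "ed25519-sha256": "sha256", "rsa-sha1": "sha1"}


def split_message(raw: bytes):
    """Split a raw message into (header block, body), normalised to CRLF."""
    raw = re.sub(rb"\r?\n", b"\r\n", raw)
    head, _, body = raw.partition(b"\r\n\r\n")
    return head.decode("ascii", "replace"), body


def get_header(head: str, name: str):
    """Return the unfolded value of the first header called `name`, or None."""
    unfolded = re.sub(r"\r\n[ \t]+", " ", head)
    for line in unfolded.split("\r\n"):
        key, _, value = line.partition(":")
        if key.strip().lower() == name.lower():
            return value.strip()
    return None


def parse_tags(value: str) -> dict:
    """Parse the tag=value list of a DKIM-Signature header (RFC 6376, 3.2)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    return tags


def canonicalize_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, 'simple' or 'relaxed' (RFC 6376, 3.4)."""
    lines = re.sub(rb"\r?\n", b"\r\n", body).split(b"\r\n")
    if mode == "relaxed":
        # Drop trailing whitespace, collapse runs of space/tab to one space.
        lines = [re.sub(rb"[ \t]+", b" ", ln.rstrip(b" \t")) for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()  # trailing empty lines are never hashed
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"


def check_body_hash(raw: bytes) -> dict:
    """Recompute the body hash and compare it with the bh= tag."""
    head, body = split_message(raw)
    sig = get_header(head, "DKIM-Signature")
    if sig is None:
        return {"signed": False}
    tags = parse_tags(sig)
    # c= is "header/body"; a missing body part defaults to "simple".
    body_mode = (tags.get("c", "simple/simple").split("/") + ["simple"])[1]
    canon = canonicalize_body(body, body_mode)
    limit = tags.get("l")
    if limit is not None:
        # With l=, bytes past the limit are not covered by the hash, so the
        # message is only partly authenticated even when the hash matches.
        canon = canon[: int(limit)]
    algo = HASHES.get(tags.get("a", ""))
    ok = False
    if algo is not None:
        digest = base64.b64encode(hashlib.new(algo, canon).digest()).decode()
        ok = digest == re.sub(r"\s+", "", tags.get("bh", ""))
    return {"signed": True, "domain": tags.get("d"), "selector": tags.get("s"),
            "body_hash_ok": ok, "length_limited": limit is not None}


def build_sample(body: bytes) -> bytes:
    """Constructed message; domain, selector and addresses are made up."""
    bh = base64.b64encode(
        hashlib.sha256(canonicalize_body(body, "relaxed")).digest()).decode()
    head = (
        "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.example;\r\n"
        "\ts=sel1; h=from:to:subject:date;\r\n"
        f"\tbh={bh};\r\n"
        "\tb=AAAA\r\n"  # placeholder: the signature itself is not checked here
        "From: sender@mail.example\r\n"
        "To: rcpt@mail.example\r\n"
        "Subject: Flight receipt\r\n"
        "Date: Mon, 06 Jan 2014 10:00:00 +0000\r\n"
    )
    return head.encode("ascii") + b"\r\n" + body


def demo() -> dict:
    """Check an untouched, a whitespace-reflowed and an edited copy."""
    original = build_sample(b"Your flight is confirmed.\r\nSeat 14C\r\n")
    reflowed = original.replace(b"Seat 14C", b"Seat   14C  ") + b"\r\n\r\n"
    tampered = original.replace(b"Seat 14C", b"Seat 1A")
    return {name: check_body_hash(msg)["body_hash_ok"]
            for name, msg in (("original", original),
                              ("reflowed", reflowed),
                              ("tampered", tampered))}


if __name__ == "__main__":
    print(demo())
```

A matching body hash shows only that the body is the one the signer hashed; authenticity rests on the b= signature verifying against the key the signing domain publishes under its selector.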
Additionally, Handala framed the attack as direct retaliation. On March 19, 2026, the FBI had seized several Handala web domains. The bureau simultaneously announced a US$10 million reward for information on the group’s members.
“While the FBI proudly seized our domains and immediately announced a $10 million reward … we decided to respond to this ridiculous show in a way that will be remembered forever.” — Handala Hack Team, via Axios
What the Patel FBI hack reveals about personal security gaps
The FBI confirmed the breach but downplayed its significance.
“The information in question is historical in nature and involves no government information.” — FBI spokesperson, via TechCrunch
However, that framing merits examination. While the leaked material appears to contain no classified data, one 2014 email reportedly showed Patel cross-referencing his Department of Justice (DOJ), FBI, and personal email addresses. That kind of mapping helps adversaries build a targeting profile for future operations.
Moreover, this was not the first time Iranian hackers had accessed Patel’s communications. In late 2024, Patel was informed that he had been targeted as part of a broader Iranian effort to access accounts for incoming Trump officials, according to CNN. That campaign also targeted now Deputy Attorney General Todd Blanche and Donald Trump Jr.
“[The Iranians are] firing whatever they have.” — Gil Messing, Chief of Staff, Check Point, via CNBC/Reuters
Furthermore, Axios reported that groups like Handala are known to exaggerate the scale of their hacks. Nevertheless, the DKIM verification by TechCrunch provides independent technical confirmation. At least some of the leaked material is authentic. Separately, Handala also claimed a destructive cyberattack against medical device company Stryker on March 11, reportedly wiping approximately 80,000 devices. The group also published personal data of Lockheed Martin employees stationed in the Middle East, according to The National. When a hacktivist proxy can retaliate within days of having its domains seized, the FBI being hacked by its own target becomes a cautionary tale about the limits of offensive cyber disruption.
Readers should watch for whether Handala releases additional tranches of data. The group has hinted at holding more material in reserve. Additionally, the U.S. intelligence community’s assessment of Iran’s cyber retaliation capacity during the ongoing conflict will shape how seriously allied governments treat the risk.
FBI Hacked: The Full 15-Year Timeline of Cyber Failures
The hacktivist era: early FBI hack targets from 2011 to 2013
The FBI’s cyber vulnerability story begins well before 2026. During the summer of 2011, hacking groups LulzSec and Anonymous launched coordinated attacks under the banner of Operation AntiSec. Specifically, attackers hacked and defaced InfraGard chapters in Atlanta and Connecticut. Meanwhile, Booz Allen Hamilton, a major FBI and Department of Defense (DoD) contractor, was breached. The attackers leaked approximately 90,000 military email accounts and passwords.
On July 29, 2011, ManTech International — the FBI’s US$100 million cybersecurity contractor — suffered a breach. The hackers published roughly 400 megabytes of stolen internal documents online. These included NATO contracts, U.S. Army documents, and personnel files. Ironically, the ManTech hack was partly orchestrated by FBI informant Hector “Sabu” Monsegur. He directed AntiSec hackers to steal the data while the bureau monitored the operation, as reported by VICE.
Subsequently, in February 2012, Anonymous intercepted a confidential conference call between the FBI and Scotland Yard. The 17-minute recording discussed strategy for arresting Anonymous members. Irish police had forwarded the invitation to a personal email that 19-year-old hacker Donncha O’Cearrbhail had previously compromised. Then in September 2012, AntiSec claimed to have stolen 12 million Apple Unique Device Identifiers (UDIDs) from an FBI laptop. The FBI denied the claim. A digital publishing company named BlueToad later took responsibility. Even in those early FBI hacked incidents, a pattern of denial followed by grudging acknowledgement was already forming.
Social engineering exposed deeper FBI hack vulnerabilities (2015–2017)
The next phase shifted toward social engineering and insider compromise. In 2015, the Office of Personnel Management (OPM) breach — carried out by Chinese state-sponsored hackers — exposed 22.1 million security clearance records. These included SF-86 background investigation forms. Consequently, FBI employees who had undergone background checks through OPM were directly affected. As detailed in China Cyber Underworld Unmasked, the OPM breach was a watershed moment in Chinese cyber-espionage. Specifically, the stolen SF-86 forms reveal an individual’s vulnerabilities, foreign contacts, financial history, and psychological profile. That is precisely the material a foreign intelligence service needs for recruitment or coercion.
Also in late 2015, a teenage hacking group called Crackas With Attitude (CWA) social-engineered a DOJ help desk. They tricked an operator into providing an access token to a restricted intranet portal, as reported by Nextgov/FCW. Subsequently, they downloaded and published the personal information of approximately 20,000 FBI employees and 9,000 DHS employees. The exposed data included names, job titles, phone numbers, and email addresses. NBC News covered the ensuing investigation. A court later sentenced the group’s leader, 16-year-old British teenager Kane Gamble, to two years in prison.
Additionally, in January 2017, hackers stole 900 gigabytes of data from Cellebrite. Cellebrite is the Israeli mobile forensics firm that reportedly helped the FBI unlock the San Bernardino shooter’s iPhone. A hacker subsequently dumped Cellebrite’s iOS-bypassing tools publicly. The accompanying message served as a pointed warning to the FBI about building surveillance backdoors.
Nation-state FBI cyber attack campaigns escalate to core systems (2020–2026)
The most consequential phase began with the SolarWinds attack. Russia’s Foreign Intelligence Service (SVR), also tracked as APT29 or Cozy Bear, inserted the SUNBURST backdoor into SolarWinds Orion software updates. The backdoor was active from approximately March 2020 until its discovery in December 2020. Consequently, the DOJ confirmed that 27 U.S. Attorneys’ offices had employee Microsoft 365 email accounts compromised. Specifically, 80% of accounts in the four New York offices were breached. Hackers accessed all sent, received, and stored emails from May 7 through December 27, 2020, as reported by FedScoop. Moreover, NPR confirmed in July 2021 that Russian hackers tied to SolarWinds had specifically compromised federal prosecutors.
In November 2021, a hacker exploited a software misconfiguration in the FBI’s Law Enforcement Enterprise Portal (LEEP). He sent approximately 100,000 hoax emails from a legitimate FBI email address. The perpetrator, Conor Brian Fitzpatrick (“Pompompurin”), later claimed responsibility to KrebsOnSecurity. Authorities arrested him in March 2023 as the administrator of BreachForums. BleepingComputer reported that the incident demonstrated how even basic misconfigurations could weaponise the bureau’s own email infrastructure. Notably, the FBI was hacked through nothing more than a misconfigured web portal, and that fact alone should have triggered a fundamental security rethink.
The InfraGard FBI breach and Salt Typhoon escalation (2022–2025)
Then in December 2022, a hacker using the handle “USDoD” put the full member database of InfraGard up for sale on BreachForums for US$50,000. InfraGard is the FBI’s public-private critical infrastructure information-sharing programme. USDoD had social-engineered his way in by applying for membership using the stolen identity of a financial corporation chief executive, as detailed by KrebsOnSecurity in December 2022. Despite the FBI’s supposed vetting process, the bureau approved the application within weeks. The attacker then used a Python script to extract contact information for over 80,000 members. Moreover, the same hacker also claimed breaches of European aerospace giant Airbus and the U.S. Environmental Protection Agency, according to The Record from Recorded Future News. Dark Reading reported the hacker listed the stolen data for sale on a dark web forum. Brazilian authorities arrested USDoD — identified as 33-year-old Luan BG from Belo Horizonte — in October 2024, as reported by KrebsOnSecurity.
Salt Typhoon and the FBI hack exposure across U.S. telecom infrastructure
Meanwhile, Salt Typhoon’s infiltration of U.S. telecom Communications Assistance for Law Enforcement Act (CALEA) wiretap systems in 2024 compromised the very infrastructure the FBI depends on for surveillance. The group accessed metadata for over one million users. It even recorded phone conversations of senior political figures. Senator Mark Warner called it the worst telecom hack in American history. Our Fliegerfaust analysis of Chinese space threats and counter-LEO tactics examined how Beijing’s multi-domain strategy extends from orbit to undersea cables. The telecom compromise fits squarely within that escalation pattern. At each stage, the FBI hacked timeline has grown more consequential and more damaging.
Additionally, in October 2025, a hacking collective calling itself Scattered LAPSUS$ Hunters published personal data of hundreds of FBI, DHS, and DOJ officials on Telegram channels. The leaked files included approximately 170 FBI email addresses and their owners, as reported by Dataconomy.
Readers should watch for formal indictments connected to the Salt Typhoon campaign. They should also monitor whether the FBI revises its InfraGard vetting procedures in response to the USDoD prosecution. Both outcomes will signal how seriously the bureau treats the structural vulnerabilities these incidents exposed.
Why the FBI Keeps Getting Hacked and Why Aerospace Should Care
Supply-chain FBI breach risks mirror aerospace procurement vulnerabilities
The recurring theme across 15 years of FBI breaches is not any single technical failure. Instead, it is a structural dependence on third parties, vendors, and contractors whose security the bureau cannot fully control. The 2011 ManTech breach, the 2020 SolarWinds compromise, the 2022 InfraGard social engineering, and the 2026 wiretap ISP exploitation all share the same root cause. In each case, adversaries attacked through trusted partners rather than hardened perimeters.
This pattern will be immediately recognisable to aerospace professionals. Defence supply chains face identical risks. A prime contractor may maintain rigorous cybersecurity standards. However, a tier-two or tier-three subcontractor with weaker controls becomes the entry point. As our Fliegerfaust reporting on Boeing’s China negotiations has explored, the intersection of commercial aviation relationships and geopolitical competition creates exactly the kind of dual-use exposure that state-sponsored hackers exploit. Consequently, when the FBI’s own surveillance network can be penetrated through a vendor ISP, the implication for defence contractors is tangible and immediate. The same pattern of exploiting trusted infrastructure extends beyond cyber. Our Fliegerfaust report on Panama-flag detentions and canal trade risk examined how Beijing has used port inspection regimes to pressure supply chains serving U.S.-linked interests.
Defence readiness and the FBI hack consequences
The FBI’s counterintelligence mission directly protects aerospace and defence industrial security. Specifically, the bureau investigates technology theft, monitors foreign intelligence officers on U.S. soil, and safeguards classified programmes. Consequently, every breach that undermines the FBI’s operational integrity weakens that protective shield.
Consider the practical chain of events. Salt Typhoon compromised telecom wiretap systems in 2024. Then suspected Chinese hackers penetrated the FBI’s own DCS-3000 wiretap network in 2026. Together, those two breaches may give Beijing visibility into both the commercial telecom layer and the law enforcement layer of American surveillance. The pattern suggests — though does not yet confirm — a systematic campaign to neutralise U.S. intelligence collection capabilities. That possibility should concern every cleared contractor managing sensitive programmes. Meanwhile, the Iran war has simultaneously diverted U.S. ships, bombers, and presidential attention into the Middle East, as our Fliegerfaust investigation into Taiwan invasion timing and Beijing’s strategic window explored in detail.
Moreover, our Fliegerfaust investigation into the Caracas operation and cyber-enabled warfare examined how layered cyber intrusion, electronic attack, and intelligence preparation now define modern operations. The FBI’s repeated breaches fit within that broader domain contest. Each new FBI hacked disclosure sends a signal to adversaries and allies alike about the state of U.S. cybersecurity posture.
What the evidence does not yet reveal about the FBI hacked pattern
Several critical questions remain unresolved. Responsible analysis requires acknowledging those gaps rather than filling them with invention.
First, the FBI has not formally attributed the 2026 wiretap breach. Suspicion falls on Chinese government-affiliated hackers. However, suspicion is not attribution. Until a formal determination is made, the responsible actor remains unconfirmed.
Second, the full scope of the wiretap breach is unknown. The FBI says it “identified and addressed” the suspicious activity. Yet the bureau has not disclosed how long the attackers had access. It has not said how much data was exfiltrated. It has not clarified whether active investigations were compromised. The difference between a brief intrusion and a sustained presence is enormous.
Third, the Epstein files breach raises questions about whether data was downloaded. What happened to any exfiltrated material is also unknown. Moreover, the FBI’s description of the incident as “isolated” does not explain the three-year delay in disclosing the Epstein connection.
Fourth, the Patel breach illustrates a persistent gap. Senior officials continue using personal email accounts that lack the hardened security of government systems. Adversaries have exploited this vulnerability repeatedly since at least 2015. Specifically, CWA hackers compromised the personal account of the Central Intelligence Agency (CIA) Director in October 2015. They breached the Director of National Intelligence (DNI) weeks later in January 2016. The pattern persists because the underlying behaviour has not changed.
Finally, the question of cumulative damage remains open. No public assessment has examined what happens when a sophisticated adversary aggregates the intelligence value across multiple breaches spanning years. When you combine OPM security clearance files, telecom wiretap metadata, FBI surveillance target information, and personal email mapping of senior officials, the composite picture may be far more damaging than any single incident suggests. That risk deepens further when American technology platforms themselves become conduits. Our Fliegerfaust investigation into Meta’s alleged censorship cooperation with Beijing examined whistleblower testimony that Meta routed data through Chinese-accessible infrastructure and delivered AI tools now linked to Chinese military systems.
That aggregation risk is the unasked question at the heart of every revelation of an FBI breach involving a foreign power.
Conclusion: The FBI Hacked Pattern Demands a Structural Answer
What the 15-year FBI hack record tells us
The record is now extensive enough to support a measured investigative judgment. Between 2011 and 2026, the FBI has been hacked, breached, or had its affiliated systems compromised at least 13 documented times. Those threat actors have ranged from teenage hacktivists to Russian intelligence. They have included opportunistic cybercriminals, Chinese state-sponsored groups, and Iranian government proxies. Moreover, the attack vectors have spanned social engineering, supply-chain compromise, software misconfiguration, insider theft, and personal account exploitation.
What distinguishes the current moment is not frequency alone. Instead, it is targeting. Early breaches embarrassed the FBI. However, recent breaches target its core intelligence collection capabilities. Chinese hackers have now potentially compromised wiretap infrastructure at both private telecoms and the FBI itself. Meanwhile, Iranian hackers have targeted the FBI Director personally. Separately, a foreign criminal stumbled into Epstein investigation files because an agent left a server exposed. Each incident alone might be containable. Together, they describe a degrading perimeter around the bureau’s most sensitive work.
What the FBI hacked pattern means for defence and aerospace
For the aerospace and defence community, the implications are direct and practical. The FBI’s counterintelligence mission protects the industrial base. Consequently, every breach that degrades that mission increases the risk of undetected technology theft. It raises the likelihood of compromised classified programmes. Moreover, it erodes allied trust in U.S. information-sharing arrangements. Investors, contractors, and allied governments all calibrate their confidence based on demonstrated security — not on reassuring statements.
The FBI consistently describes each incident as contained, isolated, or historical. Yet the growing record of FBI breaches tells a different story. It is a story of recurring systemic vulnerability that no single patch, personnel change, or press statement has resolved.
What do you think?
The deeper question is structural: can an agency built for physical investigation adapt fast enough to defend itself in a domain where the adversary moves at machine speed? Can it secure a chain where the weakest vendor becomes the widest door? Can it protect intelligence that adversaries aggregate across years of patient collection? Those questions remain open. For every contractor, ally, and intelligence partner who depends on the FBI’s digital integrity, how much longer can the answer wait?
FBI hacked – Sources
- CNN — FBI investigating ‘suspicious’ cyber activities on critical surveillance network (March 5, 2026).
- TechCrunch — FBI investigating hack on its wiretap and surveillance systems: Report (March 5, 2026).
- CBS News — FBI confirms its networks were targeted by “suspicious” cyber activities (March 6, 2026).
- The Register — FBI investigating breach that reportedly hit wiretapping net (March 8, 2026).
- Malwarebytes — Hackers may have breached FBI wiretap network via supply chain (March 2026).
- Security Boulevard — Hackers may have breached FBI wiretap network via supply chain (March 2026).
- Cybernews — Hackers found inside FBI wiretap and surveillance network (March 2026).
- State of Surveillance — FBI Investigating Hack of Wiretap and Surveillance Systems (March 2026).
- Aardwolf Security — FBI Wiretap Breach: What Happened and Why It Matters (March 2026).
- UPI — FBI investigates suspicious breach of its networks (March 6, 2026).
- Nextgov/FCW — FBI is probing ‘suspicious’ breach into bureau networks (March 2026).
- Nextgov/FCW — Justice, DHS Probe Hack Allegedly Made Possible By DOJ Help Desk (February 2016).
- Reuters/U.S. News — Foreign hacker in 2023 compromised Epstein files held by FBI (March 11, 2026).
- ABC News — Hacker accessed FBI server that included Epstein files in 2023 (March 11, 2026).
- TechCrunch — Hacker broke into FBI and compromised Epstein files, report says (March 11, 2026).
- Gizmodo — A Foreign Hacker Accessed FBI Files on Epstein Back in 2023: Report (March 11, 2026).
- Modern Diplomacy — Hackers Breached FBI Epstein Files (March 11, 2026).
- Newsweek — Epstein Files Update: Foreign Hacker Breached FBI Documents in New York Cyber Incident (March 2026).
- Japan Times/Reuters — Foreign hacker in 2023 compromised Epstein files FBI held (March 12, 2026).
- Hawaii Tribune-Herald/Reuters — Foreign hacker in 2023 compromised Epstein files held by FBI (March 12, 2026).
- CNN — Iran-linked hackers have breached FBI Director Kash Patel’s personal emails (March 27, 2026).
- TechCrunch — Iranian hackers claim breach of FBI director Kash Patel’s personal email account (March 27, 2026).
- CNBC/Reuters — Iran-linked hackers breach FBI Director Kash Patel’s personal email (March 27, 2026).
- NBC News — Iranian hackers publish emails allegedly stolen from Kash Patel (March 27, 2026).
- Axios — Iran-linked group claims hack of FBI Director Kash Patel (March 27, 2026).
- Al Jazeera — FBI director Kash Patel’s emails, photos hacked by Iran-linked group (March 27, 2026).
- The National — Iran-linked Handala hacking group breached FBI and obtained Kash Patel photos (March 27, 2026).
- BleepingComputer — FBI confirms hack of Director Patel’s personal email inbox (March 29, 2026).
- BleepingComputer — FBI system hacked to email ‘urgent’ warning about fake cyberattacks (November 2021).
- KrebsOnSecurity — FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked (December 2022).
- KrebsOnSecurity — Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach (October 2024).
- The Record — Hacker allegedly behind attacks on FBI, Airbus, National Public Data arrested in Brazil (October 2024).
- Dark Reading — Stolen Data on 80K+ Members of FBI-Run InfraGard Reportedly for Sale (December 2022).
- FedScoop — DOJ reveals 27 U.S. Attorneys offices had emails compromised in SolarWinds hack (2021).
- NPR — Russians Tied To The SolarWinds Cyberattack Hacked Federal Prosecutors, DOJ Says (July 2021).
- VICE — How an FBI Informant Helped Orchestrate the Hack of an FBI Contractor.
- NBC News — Justice, Homeland Security Probe Hack of DHS, FBI Employee Data (2016).
- Dataconomy — Telegram Channel Hosts Massive Leak Of DHS, FBI, And DOJ Officials’ Data (October 2025).
- KrebsOnSecurity — Hoax Email Blast Abused Poor Coding in FBI Website (November 2021).
- Wikipedia — Salt Typhoon.
- Wikipedia — 2015 Office of Personnel Management data breach.
- N. Spector — China Cyber Underworld Unmasked: The OPM Breach, Sakula, and the Evolution of Cybercrime.