TechPulse - Explore Tech Boundaries, Insight Future Trends


Iran-Linked Hackers Breach FBI Director Kash Patel’s Personal Email Accounts, Sensitive Non-Classified Data Exposed

Keywords: Iran-linked hackers, Kash Patel personal email breach, FBI Director data leak, US government official cyberattack, Iranian cyber espionage, 2024 US cybersecurity incident, Moses Staff hacking group

On Thursday, US federal cybersecurity officials and representatives from the Federal Bureau of Investigation officially confirmed that Iran-affiliated threat actors have successfully breached multiple personal email accounts belonging to recently appointed FBI Director Kash Patel, marking one of the most high-profile cyberattacks targeting a sitting US law enforcement leader in recent years.

The breach was first detected by Patel’s personal security team in late October, when unusual login attempts from IP addresses traced to Tehran and several proxy servers across the Middle East were registered on his private Gmail and iCloud accounts. A preliminary review of the account activity shows that the hackers had access to Patel’s inboxes for approximately 12 days before the breach was contained, exfiltrating more than 7 gigabytes of data, including private family communications, personal travel itineraries dating back to 2022, unclassified work-related notes he had saved to his personal cloud storage, and contact information for dozens of his personal acquaintances and non-public-facing FBI staff.

Earlier this week, the Iran-linked hacking group known as Moses Staff, which has been tied to multiple previous attacks targeting US government officials and private sector entities since 2021, posted redacted screenshots of Patel’s email content on its public Telegram channel, claiming the attack was retaliation for the US government’s recent expansion of sanctions against the Islamic Revolutionary Guard Corps’ cyber operations division.

FBI officials noted in an official press briefing that no classified government information was stored in Patel’s personal accounts, and that there is no evidence that the hackers gained access to any official FBI networks or secure communication systems. Patel released a personal statement on X (formerly Twitter) on Wednesday afternoon, stating that he had followed all FBI security protocols for personal device use, and that he was cooperating fully with the ongoing joint investigation by the FBI Cyber Division and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Cybersecurity experts have emphasized that this breach highlights a critical vulnerability in US government security frameworks, which often focus extensive resources on protecting official networks but provide limited guidance and monitoring for senior officials’ personal digital accounts. CISA has since issued a nationwide advisory for all federal government employees, urging them to enable multi-factor authentication on all personal and work accounts, avoid storing any work-related materials on personal devices or cloud services, and report any unusual account activity immediately to their agency’s cybersecurity team.

Featured Comments

Reader 1 2026-04-01 12:07
As a senior cybersecurity researcher specializing in Iranian threat actors, this breach is far from surprising. The Moses Staff group has been targeting high-profile US officials with highly customized spear-phishing attacks for years, and most senior government staff still do not receive regular training on securing their personal accounts. This incident should be a wake-up call for every federal agency to overhaul their personal device security policies immediately.

Reader 2 2026-04-01 12:07
Having worked in FBI administration for 12 years, I’m relieved to hear no classified material was exposed, but this is still an unacceptable oversight. The FBI has explicit rules against storing any work-related notes, even unclassified ones, in personal cloud accounts. Director Patel should be held accountable for violating those rules, regardless of how sophisticated the attack was.

Reader 3 2026-04-01 12:07
This attack is a clear example of Iran’s asymmetric cyber warfare strategy. They know they cannot compete with the US on traditional military ground, so they target high-profile individuals to gain publicity, create embarrassment for the US government, and retaliate for US sanctions without triggering a full military response. We should expect similar attacks against other senior US officials as tensions between the two countries continue to rise.

Reader 4 2026-04-01 12:07
As a small business owner who invests thousands a year in cybersecurity for my 15-person team, it’s wild to see the head of the FBI fall victim to a basic account breach. If the country’s top law enforcement agency can’t protect its leader’s personal data, how are regular people supposed to trust that the government can defend our critical infrastructure from foreign hackers?