Federal Bureau of Investigation: Foreign hacker reportedly breached FBI servers holding Epstein files in 2023

FBI’s Epstein Investigation Files Compromised in 2023 Cyber Breach by Foreign Hacker

In February 2023, a foreign hacker infiltrated a server at the FBI’s New York field office, accessing files related to the bureau’s investigation of the late sex offender Jeffrey Epstein. The breach, first reported by Reuters and CNN on February 17, 2024, occurred when a server in the FBI’s child exploitation forensic lab was left vulnerable due to procedural errors by Special Agent Aaron Spivack.

The intrusion was discovered on February 13, 2023, after Spivack found a text file warning of the compromise. Internal documents revealed the hacker had searched through Epstein-related files, though it remains unclear whether data was exfiltrated or which specific records were accessed. The FBI described the incident as an “isolated” cyber incident, stating it had restricted access and remediated the network, though its investigation is ongoing.

A source familiar with the breach indicated the hacker was likely a cybercriminal rather than a state actor, though the incident highlights the intelligence value of Epstein’s files. The release of U.S. Justice Department documents in recent years has exposed Epstein’s ties to high-profile figures, sparking global investigations. Security experts, including Georgia Tech’s Jon Lindsay, have noted the potential for foreign intelligence services to exploit such material for kompromat (compromising information).

The hacker reportedly expressed shock upon encountering child abuse imagery on the server and threatened to report the owner to law enforcement. FBI officials defused the situation by convincing the hacker of their identity via a video call, during which they displayed law enforcement credentials. The hacker’s identity, origin, and motives remain unknown, as does whether any data was retained or disseminated.

The breach stemmed from Spivack’s attempt to navigate the FBI’s complex digital evidence protocols, according to internal documents. Spivack, who has been involved in the Epstein investigation, denied responsibility, citing conflicting bureau policies and inadequate IT guidance. The outcome of the FBI’s internal review is unclear.

Many of the Justice Department’s Epstein-related documents remain heavily redacted or withheld, with the Trump administration citing protections for victims and ongoing investigations. The incident underscores the persistent risks of cyber intrusions targeting sensitive law enforcement data.

Source: https://www.theguardian.com/us-news/2026/mar/11/fbi-epstein-files-hacker-break-in

Federal Bureau of Investigation (FBI) cybersecurity rating report: https://www.rankiteo.com/company/fbi

"id": "FBI1773239371",
"linkid": "fbi",
"type": "Breach",
"date": "2/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Potentially victims of Jeffrey '
                                              'Epstein investigation',
                        'industry': 'Law Enforcement',
                        'location': 'New York, USA',
                        'name': 'Federal Bureau of Investigation (FBI)',
                        'size': 'Large',
                        'type': 'Government Agency'}],
 'attack_vector': 'Exploited procedural errors and server vulnerability',
 'data_breach': {'data_exfiltration': 'Unclear',
                 'personally_identifiable_information': 'Likely (victims, '
                                                        'witnesses, and '
                                                        'persons of interest '
                                                        'in Epstein '
                                                        'investigation)',
                 'sensitivity_of_data': 'High (involves child exploitation, '
                                        'high-profile individuals, and '
                                        'national security implications)',
                 'type_of_data_compromised': 'Investigative files, child abuse '
                                             'imagery, personally identifiable '
                                             'information (PII) of victims and '
                                             'persons of interest'},
 'date_detected': '2023-02-13',
 'date_publicly_disclosed': '2024-02-17',
 'description': 'In February 2023, a foreign hacker infiltrated a server at '
                'the FBI’s New York field office, accessing files related to '
                'the bureau’s investigation of the late sex offender Jeffrey '
                'Epstein. The breach was discovered after a text file warning '
                'of the compromise was found. The hacker searched through '
                'Epstein-related files, though it remains unclear whether data '
                'was exfiltrated or which specific records were accessed.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to FBI '
                                       'due to sensitive data exposure',
            'data_compromised': 'Files related to Jeffrey Epstein '
                                'investigation, possibly including child abuse '
                                'imagery',
            'operational_impact': 'Restricted access to affected server; '
                                  'ongoing investigation',
            'systems_affected': 'FBI New York field office server (child '
                                'exploitation forensic lab)'},
 'initial_access_broker': {'entry_point': 'Unsecured server in FBI’s child '
                                          'exploitation forensic lab',
                           'high_value_targets': 'Epstein investigation files'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Need for clearer IT protocols and guidance for handling '
                    'sensitive digital evidence; risks of procedural errors in '
                    'high-security environments; importance of securing '
                    'servers containing highly sensitive data.',
 'motivation': 'Potential intelligence value (kompromat), financial gain, or '
               'opportunistic access',
 'post_incident_analysis': {'corrective_actions': 'Internal review; restricted '
                                                  'server access; network '
                                                  'remediation',
                            'root_causes': 'Procedural errors by Special Agent '
                                           'Aaron Spivack; inadequate IT '
                                           'guidance; complex digital evidence '
                                           'protocols; unsecured server '
                                           'access'},
 'recommendations': 'Review and simplify digital evidence handling procedures; '
                    'enhance IT training for agents; implement stricter access '
                    'controls for sensitive servers; conduct regular security '
                    'audits of forensic labs.',
 'references': [{'date_accessed': '2024-02-17', 'source': 'Reuters'},
                {'date_accessed': '2024-02-17', 'source': 'CNN'}],
 'response': {'communication_strategy': 'Public disclosure via Reuters and '
                                        'CNN; internal review',
              'containment_measures': 'Restricted access to the affected '
                                      'server',
              'incident_response_plan_activated': 'Yes',
              'remediation_measures': 'Network remediation; ongoing '
                                      'investigation'},
 'threat_actor': 'Foreign hacker (likely cybercriminal, not state actor)',
 'title': 'FBI’s Epstein Investigation Files Compromised in 2023 Cyber Breach '
          'by Foreign Hacker',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Procedural errors by Special Agent Aaron Spivack; '
                            'unsecured server in child exploitation forensic '
                            'lab'}