Foreign Hacker Breach of FBI New York Field Office Exposed Epstein Investigation Files
A foreign, unidentified hacker breached the FBI’s New York Field Office in 2023 and accessed files tied to the bureau’s investigation of Jeffrey Epstein, according to Reuters reporting based on a source familiar with the incident and Justice Department/court documents. The intrusion reportedly stemmed from a server at the Child Exploitation Forensic Lab that was inadvertently left vulnerable by an FBI special agent working the case; a court document described the actor as having “combed through” certain Epstein-related files.
The FBI said it contained the affected network, assessed the incident as isolated, restricted the actor’s access, and remediated the exposed network, while noting the investigation remains ongoing. Additional reporting identified the agent as Aaron Spivack and cited a timeline indicating the break-in occurred on February 12, 2023; Reuters also reported the hacker allegedly did not realize they had accessed FBI systems until agents contacted them and requested a video call where they displayed their credentials.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Reuters and other outlets publicly reported the FBI Epstein-file breach
Reuters reported on March 11, 2026, that a foreign hacker had compromised Epstein-related FBI files during the 2023 intrusion, citing a source familiar with the matter and court or Justice Department documents. Other outlets subsequently matched the reporting and noted the FBI investigation remains ongoing.
Justice Department documents disclosed details of the 2023 compromise
Documents released earlier in 2026 under the Epstein Transparency Act included an FBI timeline stating the break-in occurred on February 12, 2023, bringing the incident's details into the public record.
FBI detected suspicious activity and contained the intrusion
The day after the breach, an FBI agent identified suspicious activity from two IP addresses following a network compromise alert. The bureau said it isolated the affected network, restricted the actor's access, and remediated the system.
Foreign hacker breached FBI New York server and accessed Epstein files
On February 12, 2023, an unidentified foreign hacker reportedly broke into an FBI New York Field Office server used by the Child Exploitation and Human Trafficking Task Force and accessed files tied to the Jeffrey Epstein investigation.
FBI server exposing Epstein-related files was left vulnerable
A server at the FBI New York Field Office's Child Exploitation Forensic Lab was reportedly inadvertently left vulnerable by Special Agent Aaron Spivack while handling digital-evidence procedures, creating the conditions for later unauthorized access.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
FBI’s Epstein files reportedly compromised in 2023 | brief | SC Media
scworld.com
Open sourceHacker broke into FBI and compromised Epstein files, report says | TechCrunch
techcrunch.com
Open sourceForeign hacker in 2023 compromised Epstein files held by FBI, source and documents show - DataBreaches.Net
databreaches.net
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
China-Linked Breach Hit FBI Surveillance Network and Exposed Sensitive Case Data
The FBI confirmed that **suspicious cyber activity** targeted one of its internal surveillance networks, and officials later classified the intrusion as a **"major incident"** under FISMA because of the potential national security impact. Reporting indicates the affected environment included systems tied to the FBI’s Virgin Islands operations, where attackers accessed highly sensitive law-enforcement information, including **pen register** and **trap-and-trace** returns as well as personally identifiable information connected to active investigations. The bureau said it detected unusual activity in February, informed lawmakers in early March, and publicly acknowledged that the activity had been contained while the investigation continued. Multiple reports said investigators linked the operation to **China**, and that the attackers appear to have reached FBI systems through a commercial internet service provider’s vendor infrastructure rather than by directly breaching the bureau first. The incident prompted a broader U.S. government response, with the White House convening officials from the FBI, NSA, and CISA and the Justice Department establishing a working group to strengthen resilience and incident response. The breach was reported as separate from another cyber matter involving the FBI director’s personal email, underscoring that the bureau was confronting several cyber threats at the same time.
May 25, 2026
DOJ Document Alleges Jeffrey Epstein Had a ‘Personal Hacker’ Selling Zero-Day Exploits
The U.S. Department of Justice released a document from the *Epstein Files* stating that a confidential FBI informant alleged in 2017 that Jeffrey Epstein had a “personal hacker.” The document does not reflect verified FBI findings and is heavily redacted, leaving the accuracy and reliability of the claims unclear; the FBI declined to comment and DOJ did not respond to media requests. According to the informant’s allegations, the hacker was an Italian born in Calabria who specialized in finding vulnerabilities in **iOS**, **BlackBerry** devices, and the **Firefox** browser, and who developed and sold **zero-day exploits** and other offensive cyber tools to multiple governments, including the U.S. and the U.K. The informant also claimed the hacker sold a zero-day to **Hezbollah** in exchange for “a trunk of cash,” and the DOJ document includes additional unverified assertions about the individual’s business ties (including a company reportedly acquired by **CrowdStrike** and a subsequent VP role).
Mar 21, 2026
FBI Investigates Suspected Intrusion Affecting Wiretap and Surveillance Management Systems
The **FBI confirmed it detected and remediated “suspicious activities” on its networks** and said it is using “all technical capabilities” to respond, but provided no additional details on scope, impact, or attribution. Reporting citing an anonymous source indicated the activity may have affected a **digital system used to manage and conduct surveillance**, including workflows tied to **foreign intelligence surveillance warrants, wiretaps, and pen registers** (used to trace communications metadata such as IP addresses and dialed numbers). Public reporting did not establish who was responsible or when the activity occurred, and it was **unclear whether the incident is connected** to prior compromises of U.S. lawful-intercept and surveillance-related infrastructure (including earlier reporting about **Salt Typhoon** activity targeting U.S. wiretapping systems). The incident follows a pattern of repeated targeting of U.S. government networks; the FBI has previously disclosed other intrusions and security events affecting parts of its environment, underscoring ongoing operational risk to sensitive investigative and surveillance support systems even when public details remain limited.
Apr 3, 2026