A foreign hacker compromised files tied to the FBI's investigation of sex offender Jeffrey Epstein during a breach at the bureau's New York Field Office in 2023, according to documents first reported by CNN and Reuters in February, with new details emerging from the latest document release.
The exposure of sensitive law enforcement files raises uncomfortable questions about the FBI's capacity to safeguard its own systems, particularly those holding material of significant national and international interest. According to a source familiar with the matter and recently published Department of Justice documents, the breach occurred during an effort to navigate routine evidence-handling procedures.
The hack was discovered by Special Agent Aaron Spivack, who inadvertently left a server vulnerable at the Child Exploitation Forensic Lab at the FBI's New York Field Office while trying to navigate the bureau's complex procedures for handling digital evidence, with the breach occurring on February 12, 2023. Spivack discovered the breach the day after, when he turned on his computer and found a text file telling him his network had been compromised.
The hack took advantage of a server at the Child Exploitation Forensic Lab that was inadvertently left vulnerable by the FBI special agent working on the case. Investigators found that part of that breach included the hacker combing through certain files pertaining to the Epstein investigation.
The incident exposes a deeper problem within the FBI: the tension between operational security and operational complexity. In the aftermath of the breach, Spivack told FBI investigators he felt he was being made a scapegoat, blaming the agency's complex procedures. Whether institutional policy failures or individual oversight is the primary culprit remains unclear, but the result is the same: sensitive materials were exposed.
The situation was defused by FBI agents who spoke to the unknown hacker on a video call and flashed their ID on webcam. The person familiar with the breach said the intrusion was carried out by a foreign hacker who did not appear to realize they had penetrated a law enforcement server. The hacker expressed disgust at the presence of child abuse images on the device and left a message threatening to turn its owner over to the FBI.
However, the fortunate circumstance that the intruder apparently didn't understand what they'd accessed masks a more troubling reality. The intrusion appeared to have been carried out by a cybercriminal rather than a foreign government, but highlighted the intelligence value of the Epstein files as governments and journalists around the world scrutinise documents detailing the disgraced financier's ties to powerful figures. A researcher at the Georgia Institute of Technology noted that foreign intelligence agencies would likely be interested in the Epstein files as a target for kompromat.
The FBI described the breach as an isolated cyber incident and said it had restricted the intruder's access and secured the network. The timeline does not say which specific files were accessed, whether the hacker downloaded the data, or who the hacker was. That fundamental uncertainty lingers: without knowing what was accessed or downloaded, the full scope of the breach cannot be assessed.
The exposure carries particular weight given the recent legal mandate to release the Epstein files. The Epstein Files Transparency Act, signed by President Donald Trump on 19 November 2025, required the Justice Department to publish all unclassified records tied to the investigations of Epstein and his convicted co-conspirator Ghislaine Maxwell within 30 days. The irony is stark: in the name of transparency and accountability, highly sensitive materials containing information about powerful individuals have been forced into the public domain, and the FBI's security arrangements proved insufficient to protect them in the years before that mandatory release.
The breach serves as a cautionary reminder that institutional complexity, no matter how well-intentioned, creates vulnerability. Procedures designed to protect evidence can, paradoxically, create the conditions for compromise when they exceed the practical capacity of systems and personnel to manage them effectively.