Foreign hacker compromised Epstein files held by FBI in 2023: Source and documents
Sign up now: Get ST's newsletters delivered to your inbox
Convicted US sex offender Jeffrey Epstein (left) and his now-jailed associate Ghislaine Maxwell are seen in a photo released in December 2025 by the US Justice Department.
PHOTO: REUTERS
- In 2023, a foreign hacker breached an FBI server in New York, accessing files related to the Jeffrey Epstein investigation.
- Special Agent Aaron Spivack inadvertently left the server vulnerable; the hacker left a message threatening to expose the server's owner.
- The FBI claims it contained the "cyber incident", but questions remain about the hacker's identity, motives, and data usage.
AI generated
WASHINGTON - A foreign hacker compromised files relating to the Federal Bureau of Investigation’s probe of the late sex offender Jeffrey Epstein during a break-in at the bureau’s New York Field Office three years ago, according to a source familiar with the matter and recently published Justice Department documents reviewed by Reuters.
The details of who accessed a server at the FBI field office, including the allegation that a foreign hacker was involved, are being reported here for the first time.
In a statement, the FBI said what it described as a “cyber incident” was “an isolated one”. “The FBI restricted access to the malicious actor and rectified the network. The investigation remains ongoing, so we do not have further comments to provide at this time.”
Although the source said the intrusion appeared to have been carried out by a cybercriminal rather than a foreign government, the incident underscores the files’ potential intelligence value, one academic said.
The legally mandated publication of US Justice Department documents has exposed the dead financier’s ties to prominent people in politics, finance, academia and business, triggering investigations in numerous countries around the world.
“Who wouldn’t be going after the Epstein files if you’re the Russians or somebody interested in kompromat (compromising material),” said Mr Jon Lindsay, who researches the role of emerging technology in global security at the Georgia Institute of Technology.
“If foreign intelligence agencies are not thinking seriously about the Epstein files as a target, then I would be shocked.”
The breach was reported contemporaneously by CNN and Reuters on Feb 17; the connection to Epstein materials was made by the French magazine Marianne.
Epstein, a long-time associate of President Donald Trump, pleaded guilty in 2008 to prostitution charges, including soliciting an underage girl. He was found hanged in his jail cell in 2019, in what was ruled a suicide, after being arrested again on federal charges of sex trafficking of minors.
February 2023 break-in
The hack occurred after a server at the Child Exploitation Forensic Lab in the FBI’s New York Field Office was inadvertently left vulnerable by Special Agent Aaron Spivack, who was trying to navigate the bureau’s complex procedures for handling digital evidence, according to the source and the documents.
A timeline written by Mr Spivack and included in the large cache of Epstein documents released earlier in 2026 said the break-in happened on Feb 12, 2023. It was discovered the following day when Mr Spivack turned on his computer and discovered a text file warning him that his network had been compromised, according to that document.
Further investigation turned up traces of unusual activity on the server, the document said, adding that the activity “included combing through certain files pertaining to the Epstein investigation”.
The timeline does not say which specific files were accessed, whether the hacker downloaded the data, or who the hacker was.
Reuters could not establish what, if any, overlap the affected data had with the Epstein documents published earlier in 2026 or the files that remain under wraps.
Mr Spivack, whose name appears elsewhere in the documents in connection with the Epstein investigation, did not return repeated messages seeking comment.
Reuters was unable to reach the man identified in the documents as Mr Spivack’s lawyer, Mr Richard J. Roberson, Jr.
Seven FBI agents identified in the documents as being involved in the investigation into the incident did not return messages.
Hacker, FBI chatted by video
In his statement to FBI investigators examining whether he was responsible for the breach, Mr Spivack said he was being made “a scapegoat for the intrusion” and that conflicting bureau policies and faulty guidance around information technology were to blame.
Reuters could not establish the result of the bureau’s internal investigation.
The person familiar with the breach said the intrusion was carried out by a foreign hacker who did not appear to realise a law enforcement server had been penetrated.
The hacker expressed disgust at the presence of child abuse images on the device and left a message threatening to turn its owner over to the FBI, the person said.
The source said bureau officials defused the situation by convincing the hacker that they actually were the FBI, in part by having the hacker join a video chat where they flashed their law enforcement credentials in front of a web camera.
Reuters could not determine – and the source said they did not know – who the hacker was, what country the person was operating from, what the person did with the material accessed, or whether any effort was made to identify or punish the person for breaking into the FBI’s server.
Many of the Justice Department’s documents have been heavily redacted and others have been kept secret altogether despite a law mandating their full release in 2025.
The Trump administration says it is withholding material that could compromise victims’ identities or jeopardise ongoing investigations. REUTERS
