A foreign hacker allegedly accessed files tied to the FBI's investigation of the late sex offender Jeffrey Epstein in February 2023, after an agent at the bureau's New York Field Office inadvertently left a government server exposed to the public internet.
The breach, originally reported only as a general cyber incident, is now confirmed to have involved Epstein-linked materials, in a disclosure that raises fresh questions about who may have obtained some of the most politically sensitive law enforcement data in the United States.
The details were first published on 11 March 2026 by Reuters, citing a source with direct knowledge of the incident and internal Justice Department documents that entered the public domain as part of the legally mandated Epstein file releases.
The news follows the Trump administration's publication of more than three million pages of Epstein-related documents on 30 January, a release that has already triggered investigations in several countries and the resignations of public figures in multiple jurisdictions.
How the Server Was Left Exposed
According to the DOJ documents reviewed by Reuters and a timeline written by the agent involved, the intrusion occurred on 12 February 2023. The server that was compromised sat inside the Child Exploitation Forensic Lab at the FBI's New York Field Office, a unit that handles digital evidence in child abuse investigations, including those connected to Epstein.
Special Agent Aaron Spivack, whose name appears throughout the released Epstein documents in connection with the investigation, was attempting to navigate the FBI's complex internal procedures for handling digital evidence when, according to the documents, he left the server reachable from outside the bureau's secure network. The breach was not immediately apparent. Spivack discovered what had happened the following morning, 13 February, when he switched on his computer and found a text file that had been placed on the system warning him it had been breached.
Investigators who examined the server afterwards found traces of unusual activity, including, as Spivack later noted in his own written account, evidence of someone 'combing through certain files pertaining to the Epstein investigation.' The documents reviewed by Reuters do not specify exactly which files were accessed, whether any data was downloaded, or what the overlap was between the breached material and the documents that the DOJ has since made public.
Spivack did not respond to repeated interview requests from Reuters. The agency was also unable to reach the lawyer identified in the documents as representing Spivack, Richard J. Roberson Jr. Seven FBI agents listed in the internal records as being connected to the investigation into the incident also did not return messages.
The Hacker: A Cybercriminal Who Did Not Know What He Had Found
The source who spoke to Reuters said the intrusion appeared to have been carried out by a foreign cybercriminal acting alone, rather than a state-directed intelligence operation. That assessment is notable for what it suggests about the hacker's behaviour after gaining access.
According to the source, the individual appeared to be unaware they had entered a law enforcement server and, upon encountering what the documents describe as child sexual abuse imagery on the device, expressed revulsion.
The hacker allegedly left a message on the compromised system threatening to report the contents to the FBI itself. FBI agents subsequently made contact with the unknown individual in a video call, during which they displayed their bureau credentials on camera. The call defused the immediate situation. The FBI has not publicly stated whether the hacker's identity was established or whether any prosecution was pursued.
The distinction between a rogue cybercriminal and a state-backed actor matters in terms of legal exposure and intent, but it does not diminish the potential damage. Sensitive investigative data, once accessed by an unknown party, cannot be recalled. Whether the hacker downloaded anything, and what they may have passed on, remains an open question in the Reuters reporting and in the FBI's publicly stated position.
The Intelligence Value of the Epstein Files: Why the Breach Matters Now
The hack took place three years before the DOJ's mass release of Epstein-related material, but its significance has grown alongside the scale and political sensitivity of those releases. The Epstein Files Transparency Act, signed by President Donald Trump on 19 November 2025, required the Justice Department to publish all unclassified records tied to the investigations of Epstein and his convicted co-conspirator Ghislaine Maxwell within 30 days.
The first release, on 19 December 2025, drew bipartisan criticism for heavy redactions. On 30 January 2026, the DOJ published over three million pages of documents, 180,000 images and approximately 2,000 videos.
Deputy Attorney General Todd Blanche said during a press conference on 30 January that the material 'did not protect' Trump and that he had seen no evidence of White House interference in what was published. The documents have nonetheless implicated, or prompted scrutiny of, figures in politics, finance, academia and business across multiple countries.
Turkish prosecutors opened an investigation following revelations about alleged victims with Turkish nationality. Faculty at institutions including Harvard and Barnard College called for internal inquiries. Several governments announced formal reviews.
Against that backdrop, the news that a foreign actor had already been inside the FBI's own Epstein-related digital holdings three years ago has alarmed security analysts. Jon Lindsay, an associate professor at the Georgia Institute of Technology's School of Cybersecurity and Privacy who studies emerging technology in global security contexts, did not mince his words in comments to Reuters. 'Who would not be going after the Epstein files if you're the Russians or somebody interested in kompromat?' he said. 'If foreign intelligence agencies are not thinking seriously about the Epstein files as a target, then I would be shocked.'
The files have been released, countries are investigating, careers have been upended — and somewhere, a foreign hacker browsed through those same documents three years before the rest of the world was allowed to see them.
Originally published on IBTimes UK
© Copyright IBTimes 2025. All rights reserved.
