A foreign cybercriminal gained access to sensitive FBI files tied to the Jeffrey Epstein investigation after a server at the bureau's New York Field Office was accidentally exposed to the public internet in February 2023, according to internal U.S. Department of Justice documents and reporting by Reuters.
The breach occurred inside the Child Exploitation Forensic Lab at the FBI's New York office, a unit responsible for analyzing digital evidence in child abuse investigations. The incident, first described publicly as a general cyber intrusion, is now confirmed to have involved materials connected to the federal investigation into Jeffrey Epstein, the financier whose criminal network triggered global scrutiny of powerful figures in politics and business.
The revelation comes as the Trump administration has released millions of pages of Epstein-related records following passage of the Epstein Files Transparency Act, legislation signed by President Donald Trump in November 2025 that mandated disclosure of previously sealed materials.
According to documents reviewed by Reuters, the security lapse occurred on Feb. 12, 2023, when FBI Special Agent Aaron Spivack inadvertently left a government server accessible outside the bureau's secure network while navigating internal procedures related to digital evidence.
The breach was discovered the following morning. When Spivack logged into the system on Feb. 13, he found a message placed on the server by the intruder indicating the system had been compromised.
In his written account referenced in the documents, Spivack reported that investigators later found signs the intruder had examined files connected to the Epstein investigation. Spivack wrote there was evidence of someone "combing through certain files pertaining to the Epstein investigation."
Reuters reported that the documents do not specify which particular files were accessed or whether any materials were downloaded or copied.
Spivack did not respond to repeated requests for comment from Reuters, according to the news agency. Reuters also reported it could not reach the attorney identified in the documents as representing him, Richard J. Roberson Jr.
The FBI agents involved in investigating the incident similarly did not respond to inquiries, Reuters said.
The hacker involved in the intrusion appears to have been a lone foreign cybercriminal rather than a state-directed intelligence operation, according to a source cited by Reuters. The distinction is significant for investigators assessing intent and potential national security implications.
According to the source, the intruder initially appeared unaware that the compromised server belonged to the FBI. After encountering files that reportedly included child sexual abuse imagery related to investigative evidence, the hacker allegedly reacted with alarm.
The individual reportedly left a message on the system threatening to report the contents to the FBI itself. Authorities later established communication with the hacker through a video call, during which agents displayed official credentials to verify their identities.
The available documents do not clarify whether investigators ultimately identified the individual responsible for the intrusion or whether any criminal charges were filed.
The breach is drawing renewed attention because of the enormous volume of material connected to the Epstein investigation that has since been released publicly.
Under the Epstein Files Transparency Act, the Department of Justice released records in multiple stages:
- Dec. 19, 2025: Initial release of documents, widely criticized by lawmakers for extensive redactions
- Jan. 30, 2026: Publication of more than three million pages of documents, 180,000 images, and approximately 2,000 videos
At a press conference announcing the January release, Deputy Attorney General Todd Blanche said the materials "did not protect" President Trump and added he had seen no evidence that the White House interfered with the disclosure process.
The scale of the document release has already triggered investigations across multiple countries. Prosecutors in Turkey opened inquiries involving alleged victims with Turkish nationality, while academic institutions including Harvard University and Barnard College launched internal reviews.
Cybersecurity experts say the earlier breach underscores how sensitive investigative data can become a target for foreign intelligence services.
Jon Lindsay, an associate professor at the Georgia Institute of Technology's School of Cybersecurity and Privacy, said the Epstein files would naturally attract interest from adversaries seeking political leverage.
Lindsay told Reuters: "Who would not be going after the Epstein files if you're the Russians or somebody interested in kompromat?" He added, "If foreign intelligence agencies are not thinking seriously about the Epstein files as a target, then I would be shocked."
