Newly reviewed Justice Department documents, alongside information from a person familiar with the incident, indicate that files connected to the FBI's investigation into the late financier Jeffrey Epstein were compromised during a cyber intrusion at the bureau's New York Field Office in February 2023.
According to a timeline prepared by Special Agent Aaron Spivack and included among the published documents, the security breach occurred on February 12, 2023, on a server housed within the Child Exploitation Forensic Lab. The timeline states that the compromise was detected the following day, after Spivack powered on his workstation and encountered a text file notifying him that the network had been breached.
Subsequent examination of the device uncovered evidence of irregular activity on the server. The timeline characterizes that activity as having "included combing through certain files pertaining to the Epstein investigation." The document does not enumerate which specific items were examined, whether any data was exfiltrated, or the identity of the intruder.
In a public statement responding to queries about what it called a "cyber incident," the FBI described the event as an isolated matter. The bureau said it restricted the intruder's access and corrected the network vulnerabilities, and added that the investigation remains active at this time.
One source familiar with the breach said the intrusion appeared to have been carried out by a cybercriminal operating from abroad rather than by a foreign government. That person also said the intruder seemed not to realize the server belonged to law enforcement. The individual left a message expressing revulsion at child abuse material found on the device and threatened to report the server's owner to federal authorities, according to the source.
Officials inside the bureau managed the encounter, the source said, by persuading the intruder that they were in fact FBI personnel. Those efforts included inviting the intruder into a video call and displaying law enforcement credentials to the intruder's webcam.
Spivack, whose actions and account appear in the timeline, told investigators he feared he was being singled out as a scapegoat for the incident and cited conflicting bureau policies and unclear information-technology guidance as contributing factors. The documents name seven FBI agents who were involved in the inquiry into the intrusion, though those agents did not respond to requests for comment. Repeated messages to Spivack and to the lawyer identified in the records were not returned.
The legally mandated release of Justice Department materials tied to the Epstein probes has revealed the financier's connections to figures in politics, finance, academia and business, and has prompted various investigations internationally. Jon Lindsay, who researches technology's role in global security at the Georgia Institute of Technology, emphasized the files' potential intelligence value, saying, "Who wouldn't be going after the Epstein files if you're the Russians or somebody interested in kompromat? If foreign intelligence agencies are not thinking seriously about the Epstein files as a target, then I would be shocked."
The breach itself was publicly reported contemporaneously by major media outlets on February 17, and the documentary link between the break-in and Epstein-related material was made by a French publication, Marianne. The precise relationship between the server activity documented in the Spivack timeline and the sets of Epstein-related files that have been published, or those that remain withheld, could not be established from the available records.
Several elements regarding the incident remain unresolved in the documentation. It is not clear who the intruder was, where they were operating from, what they ultimately did with any accessed material, or whether federal authorities attempted to track down or prosecute the individual. The source and the records reviewed do not indicate any identification or attribution beyond the description of a foreign hacker.
Many of the Justice Department's documents that have been made public are heavily redacted, and other materials remain under seal despite a statutory requirement for their release last year. Officials within the prior administration have said that some content is being withheld because it could expose victims or jeopardize active investigations.
The matter raises questions about the intersection of digital-evidence handling and bureau procedure. The timeline suggests the vulnerability was created unintentionally while an agent sought to follow the FBI's complex rules for processing electronic material. The agent's account frames the issue as rooted at least in part in procedural confusion and flawed guidance on technology, which he argued led to the server being left open to outside access.
At present, the FBI characterizes the incident as contained, and its communications say steps have been taken to limit further exposure. Beyond that, the public record available in the released Justice Department documents does not permit firm conclusions about the scope of what was accessed or the full consequences of the intrusion.
Summary of key developments:
- On February 12, 2023, a server at the Child Exploitation Forensic Lab in the FBI's New York Field Office was compromised, according to a timeline prepared by the agent assigned to the machine.
- The timeline reports that the intruder searched files related to the investigation of Jeffrey Epstein, but the specific files and whether data was removed are not identified.
- The FBI has said the cyber incident was isolated, that access was restricted and the network was remediated, and that the probe is ongoing.