The breach exposed child exploitation material and case files to an unknown actor. The FBI never told the public.
A Foreign Hacker Broke Into the FBI Server Holding Epstein Evidence. The Bureau Kept Quiet for Three Years.
On February 12, 2023, a foreign hacker broke into an FBI server in New York that contained evidence from the Jeffrey Epstein investigation. The server was part of the Child Exploitation Forensic Lab at the FBI's New York Field Office. It held some of the most sensitive material in one of the most closely watched criminal cases in American history.
The breach was discovered the next day. But the public did not learn about it until March 2026, when Reuters reported the incident based on internal FBI documents and interviews with current and former officials.
Three years passed between the hack and the disclosure. During that time, the FBI did not announce the breach. It did not notify the public that evidence in the Epstein case had been accessed by an unknown foreign actor. It did not explain what was taken, what was copied, or what was done with the material.
The story of the breach raises questions that go beyond cybersecurity. They go to the integrity of the evidence itself, the FBI's handling of the most prominent sex trafficking case of the century, and whether the bureau's institutional failures around Epstein extended from Palm Beach in 2006 to a forensic lab in Lower Manhattan in 2023.
What Happened
The vulnerability was created by FBI Special Agent Aaron Spivack, who was navigating the bureau's procedures for handling digital evidence in the Epstein case. The procedures were complex. The system required multiple steps to maintain chain-of-custody requirements for evidence that could be used in ongoing investigations or future prosecutions.
Spivack inadvertently left the server exposed while working through those procedures. A foreign hacker found the opening and accessed the system.
What the hacker found disturbed them. The server contained child sexual abuse material that had been collected as evidence in the Epstein investigation. The intruder, apparently unaware that the server belonged to the FBI, expressed disgust at the images and threatened to report "its owner" to law enforcement.
FBI agents had to convince the hacker that the server was, in fact, an FBI system. They arranged a video call in which agents displayed their credentials to the intruder. The conversation defused the immediate situation, but it did not answer the more important questions: who was the hacker, what country were they operating from, and what did they do with the material they accessed?
Reuters reported that it could not determine the answers to any of those questions. Neither could the FBI, at least not publicly.
What Was on the Server
The Child Exploitation Forensic Lab processes digital evidence related to crimes against children. In the context of the Epstein case, that evidence includes material seized from Epstein's properties, his electronic devices, and the devices of individuals connected to the investigation.
The scope of that material is enormous. When federal agents raided Epstein's Manhattan townhouse on July 6, 2019, they found "nude photographs of what appeared to be underage girls" according to the search warrant affidavit. Agents also seized computers, hard drives, CDs, and other digital storage media. Additional material was obtained from Epstein's properties in Palm Beach, New Mexico, and the U.S. Virgin Islands.
The forensic lab was responsible for processing, cataloging, and preserving this evidence. The chain of custody for digital evidence is especially critical because digital files can be copied without detection, altered without physical trace, and distributed without limit.
A breach of the server where that evidence was stored does not necessarily mean the evidence was tampered with. But it means that the chain of custody was broken. An unknown external party had access to material that was supposed to be under the exclusive control of federal law enforcement. Whatever that person saw, copied, or transmitted is now outside the system of accountability that makes evidence admissible in court.
The Scapegoat Question
After the breach was discovered, an internal review examined how it happened. Agent Spivack told investigators that he felt he was being made a "scapegoat" for systemic problems with the bureau's evidence-handling procedures.
His complaint was not frivolous. Digital evidence management in large-scale federal investigations is notoriously cumbersome. The systems are designed to maintain legal standards of chain of custody, authentication, and access control. But those systems are only as strong as the people operating them and the resources allocated to maintaining them.
In the Epstein case, the volume of digital evidence was extraordinary. Millions of files across multiple properties and devices, spanning decades of activity. Processing that volume requires dedicated personnel, up-to-date infrastructure, and procedures that balance security against the practical need for analysts to access the material.
Spivack's situation suggests that at least one of those elements was insufficient. Whether the failure was individual or institutional is a question the FBI has not publicly answered.
The Three-Year Silence
The most troubling aspect of the breach is not that it happened. Server breaches, while serious, are an acknowledged risk in any organization that stores sensitive data. What is troubling is the gap between discovery and disclosure.
The FBI learned about the breach on February 13, 2023. Reuters published its report in March 2026. During those three years, the Epstein case went through a series of significant public developments: the settlement of civil lawsuits against JPMorgan and Deutsche Bank, the arrest and conviction of Ghislaine Maxwell, the passage of the Epstein Files Transparency Act, and the January 2026 release of more than 2.1 million documents.
At no point during any of those proceedings did the FBI disclose that its evidence server had been accessed by an unknown foreign actor. Defense attorneys, survivors' lawyers, congressional investigators, and the public were all operating under the assumption that the FBI's evidence was intact and secure.
If the breach affected the integrity of specific evidence, that information would be material to ongoing litigation. If it did not, disclosing it would have been embarrassing but not legally significant. The fact that the FBI chose silence suggests either that the implications were serious enough to warrant concealment, or that the bureau's institutional culture treats evidence-handling failures as internal matters that do not require public accountability.
Neither explanation is acceptable.
A Pattern of Institutional Failure
The Epstein case has been defined, at every stage, by institutional failures. The Palm Beach County Sheriff's Office built a case in 2005 that the local state attorney declined to prosecute aggressively. The FBI investigated in 2006 and referred the case to federal prosecutors in Miami, who then negotiated a non-prosecution agreement that allowed Epstein to plead guilty to state charges and serve 13 months with work-release privileges.
That agreement, brokered by then-U.S. Attorney Alexander Acosta, was later found to have violated the Crime Victims' Rights Act because prosecutors failed to notify Epstein's victims before signing it.
The Metropolitan Correctional Center in Manhattan failed to monitor Epstein on the night he died. Two guards falsified their logs. The facility's cameras did not capture usable footage. The medical examiner ruled the death a suicide; a private forensic expert hired by the family disagreed.
And now: the FBI's forensic lab, the place where the physical and digital evidence of Epstein's crimes was supposed to be preserved for history and for justice, was breached by a foreign hacker who stumbled into it by accident.
Each failure, taken individually, can be explained as a mistake, a resource constraint, or an operational lapse. Taken together, they describe a system that has consistently failed to protect either the victims of Jeffrey Epstein or the evidence of his crimes.
The hacker who accessed the server in 2023 was reportedly appalled by what they found. They threatened to turn the evidence over to authorities. They did not realize they were already inside the authorities' house.
That irony says more about the state of the Epstein investigation than any official statement ever has.
Sources and Methodology
All factual claims are sourced from documents in the Epstein Exposed database of 2.1 million court filings, depositions, and government records released under the Epstein Files Transparency Act.
Legal Notice: This article presents information from public court records and government documents. Inclusion of any individual does not imply guilt or wrongdoing. All persons are presumed innocent until proven guilty in a court of law.