Hackers Kash in on FBI Director's Data
Iran-linked hacker group Handala Hack Team claims to have accessed FBI Director Kash Patel's personal email, publishing personal photographs and correspondence online. The breach highlights why sensitive communications must be physically disconnected from the internet.

Mark Fermor
Director & Co-Founder, Firevault

Iran-linked hackers have claimed they accessed FBI Director Kash Patel's personal email inbox, publishing personal photographs and documents to the internet in what represents one of the most high-profile personal email breaches of a serving US law enforcement chief.
What Happened
On 27 March 2026, the hacker group known as the Handala Hack Team announced on their website that Patel "will now find his name among the list of successfully hacked victims." The group published a series of personal photographs of the FBI Director alongside what they claim is correspondence from his personal Gmail account spanning 2010 to 2019.
A US Department of Justice official confirmed that Patel's email had been breached and stated that the material published online appeared authentic. Reuters reported that the personal Gmail address Handala claims to have compromised matches the address linked to Patel in previous data breaches preserved by dark web intelligence firm District 4 Labs.
Who Is Behind the Attack
The Handala Hack Team, which describes itself as a pro-Palestinian vigilante hacking collective, is considered by Western cybersecurity researchers to be one of several personas operated by Iranian government cyberintelligence units. The group recently claimed responsibility for a separate attack on Michigan-based medical devices provider Stryker on 11 March, during which they allegedly deleted a significant volume of company data.
This is not an isolated incident. Iran-linked cyber operations have intensified throughout 2025 and 2026. US authorities seized domains associated with Handala earlier in March 2026, only for the group to restore operations shortly afterwards.
What Data Was Exposed
The leaked material reportedly includes personal photographs of Patel in informal settings, alongside what appears to be a mixture of personal and professional correspondence. The date range of the emails (2010 to 2019) suggests the breach may have exposed communications from Patel's time as a congressional staffer and his involvement in investigations related to the FBI's handling of the Trump-Russia inquiry.
The exposure of historical communications from a figure now leading the FBI represents a significant counterintelligence concern. Personal email accounts, unlike government systems, typically lack enterprise-grade security controls, multi-factor authentication enforcement, and monitoring capabilities.
Why This Matters
This breach underscores a persistent vulnerability in how senior officials and executives manage sensitive information. Personal email services, regardless of provider, remain connected to the internet at all times. They are indexed, backed up across multiple data centres, and accessible from any device with valid credentials.
The attack pattern is well established. Nation-state actors target personal accounts precisely because they sit outside the security perimeter of official government or corporate networks. Once credentials are compromised, whether through phishing, credential stuffing from prior breaches, or social engineering, the entire contents of an inbox become accessible.
For organisations handling sensitive correspondence, board communications, legal documents, or intellectual property, the lesson is clear: if data remains connected to the internet, it remains a target.
The Offline Alternative
Firevault's Layer 1 physical air gap architecture eliminates this attack vector entirely. By physically disconnecting storage from IP networks when not in active use, there is no persistent connection for attackers to exploit. Unlike cloud-based email services that maintain constant connectivity, physically isolated storage ensures that sensitive documents, correspondence archives, and critical records are unreachable by remote attackers.
The Patel breach is a textbook example of why the most sensitive materials require more than software-based security controls. When the FBI Director's personal email can be compromised by a state-sponsored hacking group, it demonstrates that no online service is immune. The only guaranteed defence against remote exfiltration is the removal of the network connection itself.
Key Takeaways
- Personal email remains a critical vulnerability. Senior officials and executives routinely use personal accounts for communications that, if exposed, carry significant reputational and security consequences.
- Nation-state actors target the weakest link. Iranian cyber units specifically targeted a personal Gmail account rather than attempting to breach FBI systems directly.
- Historical data carries present-day risk. Emails from 2010 to 2019 remain valuable to adversaries when the individual now holds one of the most powerful law enforcement positions in the world.
- Cloud-based email offers no physical protection. Gmail, Outlook, and similar services are always online, always accessible, and always a potential target for credential-based attacks.
- Physical disconnection is the only absolute safeguard. Firevault's air gap approach ensures that archived communications and sensitive documents cannot be reached by any remote attacker, regardless of their sophistication or state backing.


