Iran’s cyberwar reaches the families of US troops


The reported Handala leak should not be dismissed as another routine cyber incident. It’s a sign that hostile actors now see personal information as a weapon of intimidation.

According to The Wall Street Journal, the Iran-linked Handala Hack Team claimed to have published the names and details of 2,379 US Marines stationed in the Persian Gulf region. Stars and Stripes reported that US Central Command referred questions to the Naval Criminal Investigative Service as officials continue to assess how many of the leaks are authentic.

The most alarming part is not only the data dump, but the pressure method. Task & Purpose reported that some US service members received threatening WhatsApp messages suggesting they were being watched.

Handala has also claimed to hold home addresses, family information, base details and daily routines. Regardless of whether each claim is true or exaggerated, the goal is clearly to make American personnel and their families feel exposed.

The new form of pressure on the battlefield

That’s why Washington should treat the incident as a force protection issue, not just a privacy violation. The US Department of Justice has already linked Handala-related infrastructure to cyber-enabled Iranian psychological operations. Reuters reported that the group quickly re-established its online presence after US authorities seized the domains, showing how resilient these proxy-style cyber operations can be.

Handala fits a broader Iranian pattern. Safety Week notes that the group is tracked under several names, while Check Point Research identifies Handala as Void Manticore, an Iranian threat actor associated with disruptive attacks and hack-and-leak operations.

Unit 42 has also described Handala as a prominent figure linked to Iran who combines data theft with political messaging.

The numbers indicate the risk

Strategic context matters. Google Cloud's 2025 M-Trends report observed that Iran-nexus actors increased cyber operations and improved intrusion methods. CSIS recently warned that Iranian cyber activity remains a serious threat to American organizations, while a CISA-FBI advisory specifically describes Iranian campaigns that combine data theft with online threats and harassment.

The broader cyber statistics are equally sobering. The Microsoft Digital Defense Report 2025 says nation-state actors are using more targeted and scalable cyber influence tactics. The FBI Cybercrime Report 2025 put cybercrime losses at nearly $21 billion.

The IBM Data Breach Cost Report 2025 put the average global cost of a breach at $4.4 million, and Verizon’s 2025 DBIR found that third-party involvement in breaches had doubled to 30%.

The peril of the Persian Gulf

The Persian Gulf is no ordinary post. US Naval Forces Central Command says its Fifth Fleet area covers about 2.5 million square miles and includes three critical chokepoints: the Strait of Hormuz, the Suez Canal and Bab el-Mandeb.

US Central Command says its broader area includes more than 4 million square kilometers and more than 560 million people. In such a tense region, a phone number, address or movement pattern can become operationally sensitive.

The US also has a large human target area. USAFacts reported that about 1.34 million active duty troops were serving as of December 2025. Every deployed service member now has a digital footprint made up of old passwords, family social media, commercial data brokers, messaging apps, compromised accounts and travel habits.

Iran-linked hackers don’t need to steal a classified battle plan if they can build a credible intimidation profile from shared personal data.

A stronger response is needed

The Pentagon must respond with urgency, but not panic. It should provide affected troops and families with identity protection support, control exposed contact information, review personal device risks, monitor dark web resale of military data, and address family safety as part of operational security.

The FINRA Cyber Alert correctly identifies hack-and-leak operations as a deliberate discrediting tactic against soldiers; that harm can become a personal risk. The US must also impose costs through attribution, sanctions, lawsuits and disruptions. But the deeper lesson is the defensive one.

Unit 42 analysis of evolving Iranian tactics shows how quickly these actors adapt. Handala’s message is meant to say that we can reach you beyond the grassroots. America’s response must be equally clear that personal data on troops is no longer an administrative afterthought, but part of national defense.

Dr. Sahibzada Muhammad Usman holds a PhD (Italy) in geopolitics and is currently doing a postdoctoral fellowship at Shandong University, China. He is the author of Divergent Approaches to Central Asia: Economy, Security and Energy, published by Lexington, USA.


