HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

ClickFix Infostealer Hijacks FBI Chief Kash Patel’s Online Clothing Store, Exfiltrates macOS User Data

A malicious ClickFix website tricked macOS shoppers of FBI Chief Kash Patel’s online clothing store into installing an infostealer, resulting in confirmed credential and personal data exposure. The breach underscores the need for rigorous third‑party e‑commerce security controls in TPRM programs.

LiveThreat™ Intelligence · 📅 May 25, 2026· 📰 hackread.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
hackread.com

FBI Chief Kash Patel’s Clothing Store Compromised by ClickFix macOS Infostealer

What Happened — Hackers operated a malicious “ClickFix” website that lured macOS visitors of FBI Chief Kash Patel’s online clothing store into downloading an infostealer payload. The malware harvested browser cookies, saved passwords and other personal data from shoppers.

Why It Matters for TPRM

  • High‑profile government figures can be targeted through seemingly innocuous third‑party retail sites.
  • The incident shows that e‑commerce platforms, even small‑scale ones, are viable entry points for credential‑stealing campaigns.
  • Organizations must assess the security posture of any external storefront or SaaS that processes sensitive contacts.

Who Is Affected — Government officials, retail/e‑commerce vendors, macOS end‑users.

Recommended Actions

  • Conduct a security review of all third‑party e‑commerce providers and web‑hosting contracts.
  • Enforce multi‑factor authentication and password‑less login where possible for admin accounts.
  • Deploy endpoint protection on macOS devices and educate users on malicious download vectors.

Technical Notes — Attack vector: malicious website (ClickFix) employing social‑engineering to deliver a macOS infostealer. No known CVE; data types exfiltrated include login credentials, session cookies, and possibly payment details. Source: HackRead

📰 Original Source
https://hackread.com/fbi-chief-kash-patel-store-hacked-infostealer-clickfix/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · PrivacyOps · CookiePLUS

Data exposure is where consent and DSAR readiness get tested.

When personal data leaks, regulators ask what consent you held and how fast you can answer a subject request. The Verisq AI Trust Operations platform, with CookiePLUS, keeps that posture audit-ready under GDPR and CCPA.

Explore the Verisq AI Trust Operations platform →