Authorities arrested twin brothers Muneeb and Sohaib Akhter in Alexandria, Virginia, for allegedly stealing and destroying government data held by a federal contractor minutes after their termination in February 2025. The brothers had previously pleaded guilty to hacking into the State Department in 2015.
The Justice Department charged the 34-year-old brothers with compromising data from multiple federal agencies during a weeklong spree in February. The contractor, identified in previous reports as Washington-based Opexus, provides services and hosts data for more than 45 federal agencies. Prosecutors allege Muneeb Akhter deleted approximately 96 databases storing US government information, including sensitive investigative files and Freedom of Information Act records. He allegedly deleted a Homeland Security production database, copied more than 1,800 files belonging to the Equal Employment Opportunity Commission, and stole IRS records containing personally identifiable information on at least 450 people. Authorities also accused him of using an artificial intelligence tool to query advice on clearing system logs and event logs. The brothers allegedly cleaned their residence in anticipation of a law enforcement raid and wiped their employer-owned computers by reinstalling the operating system.
In June 2015, they pleaded guilty to conspiracy to commit wire fraud, conspiracy to access a protected computer without authorization, and conspiracy to access a government computer without authorization.
Muneeb Akhter hacked into a cosmetics company website and stole thousands of customers' credit card and personal information. The brothers used this stolen information to purchase flights, hotel reservations, and conference attendance. Muneeb also sold stolen information on the dark net for profit.
Both brothers engaged in computer intrusions against the U.S. Department of State to obtain sensitive passport and visa information. Sohaib Akhter used his contract position at the State Department to access sensitive systems containing personally identifiable information belonging to co-workers, acquaintances, a former employer, and a federal law enforcement agent investigating his crimes. He attempted to secretly install an electronic collection device inside a State Department building to maintain perpetual access to systems, but broke the device during installation.
Muneeb Akhter also hacked into a private data aggregation company's database while working as a contractor to steal federal contract information for their own technology company. He lied on a government background investigation form to obtain a position with a defense contractor and later obstructed justice by helping a co-conspirator flee to Malta.
Muneeb Akhter was sentenced to 39 months in prison and Sohaib Akhter was sentenced to 24 months in prison. An investigation aided by more than 20 federal agencies alleges the brothers committed cybercrime ten years later using privileged access and technical expertise gained from their employment at a government contractor.
Muneeb Akhter faces charges of:
Sohaib Akhter faces charges of:
The attacks affected multiple federal agencies including the Department of Homeland Security, Internal Revenue Service, and the Equal Employment Opportunity Commission.
Matthew R. Galeotti, acting assistant attorney general with the Justice Department's Criminal Division, stated that the defendants "abused their positions as federal contractors to attack government databases and steal sensitive government information." He added that their "actions jeopardized the security of government systems and disrupted agencies' ability to serve the American people."
Joseph V. Cuffari, inspector general at the Department of Homeland Security, stated that "Federal contractors who abuse their positions will be held accountable for their actions." He further said, "The actions of individuals like Muneeb and Sohaib Akhter are threats to our national security."
This case displays security risks posed by insider threats within the federal contractor field. The fact that these individuals had prior convictions for similar cybercrimes yet regained access to sensitive government systems raises questions about background check processes and ongoing monitoring of contractors with privileged access. With more than 45 federal agencies potentially affected through a single contractor, this breach shows the vulnerabilities created when third-party vendors serve as centralized data repositories. The theft of PII from IRS records and deletion of FOIA-related materials could have consequences for both individual privacy and government transparency obligations.
Related: HIPAA Compliant Email: The Definitive Guide
Immediate access revocation and offboarding protocols would have blocked logins.
There is no indication that classified data was compromised, only sensitive operational records and PII.
Yes, continuous monitoring and anomaly-detection systems may have identified unusual access or deletion behavior sooner.