Fired twin contractors allegedly wiped 96 federal databases on their way out

Muneeb and Sohaib Akhter, 34-year-old brothers with prior federal convictions for wire fraud, are accused of destroying 96 databases belonging to a Washington, DC contractor that served 45 US government agencies. The wipe allegedly occurred within minutes of their terminations, illustrating exactly why employers typically revoke credentials before announcing a firing — a privileged insider with active access is a textbook security risk.

Prosecutors say the sabotage capped a longer pattern of abuse. In one cited incident, Sohaib pulled the plaintext password of a complainant from the Equal Employment Opportunity Commission’s Public Portal, which his employer maintained, and handed it to Muneeb, who then accessed the person’s email. Muneeb had also harvested roughly 5,400 credentials from his employer’s network and built Python tools like ‘marriott_checker.py’ to credential-stuff them against consumer sites, successfully logging into hundreds of DocuSign and airline accounts and burning victims’ frequent-flyer miles on his own travel.

The case underscores the gap between background checks and sustained insider-threat monitoring: both brothers had served prison time for a 2015 computer-fraud scheme yet still landed roles with broad access to federal data. It also reinforces the operational case for rapid deprovisioning, least-privilege access, and audit logging on systems holding government records and PII.