A former government contractor has been convicted for orchestrating the destruction of dozens of federal databases after being terminated from his job, according to the U.S. Department of Justice. The incident impacted multiple federal agencies and involved the deletion of sensitive investigative records and government data.

The convicted individual, 34-year-old Sohaib Akhter of Virginia, allegedly worked alongside his twin brother, Muneeb Akhter, to sabotage systems belonging to their employer and its government customers shortly after both were fired in February 2025.

What Happened?

According to prosecutors, the Akhter brothers were employed by a contractor serving more than 45 federal agencies and hosting government systems on servers located in Ashburn, Virginia. After the company discovered Sohaib Akhter’s prior felony conviction, both brothers were dismissed during a remote meeting on February 18, 2025.

Authorities state that immediately following their termination, the brothers accessed company systems without authorization and began sabotaging databases used by federal agencies. The attack reportedly included:

• Write-protecting databases to block recovery efforts

• Deleting databases containing government information

• Destroying evidence linked to the intrusion

• Wiping company-issued laptops before returning them

Court documents revealed that approximately 96 government databases were erased within just a few hours.

Sensitive Government Records Destroyed

The deleted databases allegedly contained:

• Sensitive investigative files

• Freedom of Information Act (FOIA) records

• Government operational data belonging to multiple federal agencies

Prosecutors also claimed that after deleting a Department of Homeland Security database, the suspects consulted an AI assistant for advice on clearing system logs to hide their activity.

Investigators further alleged that the brothers discussed cleaning their residence in anticipation of a possible federal search.

Prior Cybercrime Convictions

This was not the brothers’ first encounter with federal cybercrime charges.

In 2016, Sohaib and Muneeb Akhter were sentenced to prison after pleading guilty to illegally accessing U.S. State Department systems and stealing personal information belonging to coworkers and a federal law enforcement officer investigating their activity.

Despite those convictions, the pair were later rehired as government contractors.

Official Statements

Jennifer L. Fain, Inspector General for the FDIC Office of Inspector General, stated that the deliberate destruction of government databases demonstrated “a blatant disregard for the security and integrity of federal information systems.”

Federal prosecutors emphasized that the case highlights the severe risks posed by insider threats, especially when privileged access to government infrastructure is involved.

Potential Sentences

Sohaib Akhter is scheduled to be sentenced on September 9, 2026, and faces a maximum sentence of 21 years in prison.

Muneeb Akhter faces additional charges, including aggravated identity theft and theft of government records, carrying a potential maximum sentence of 45 years.

Why This Attack Matters

The case underscores how insider threats remain one of the most dangerous cybersecurity risks facing government agencies and enterprises alike. Unlike external attackers, insiders often possess legitimate access, making destructive actions more difficult to detect in real time.

The incident also demonstrates how quickly critical systems can be disrupted when access controls, monitoring, and privileged account protections are insufficient.

Organizations handling sensitive government or enterprise data should consider:

• Strict privileged access management (PAM)

• Immediate credential revocation during employee termination

• Continuous database activity monitoring

• Immutable backups and recovery systems

• Insider threat detection programs

As cyber incidents increasingly involve trusted insiders rather than external hackers alone, proactive monitoring and rapid offboarding procedures are becoming essential parts of modern cybersecurity strategy.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.