Muneeb and Sohaib Akhter, twin brothers recently fired by an employer that manages US government databases, deleted nearly a hundred databases and stole sensitive files within minutes of their termination, revealing serious weaknesses in access control practices during employee separation.

  • 96 US government databases deleted in under an hour
  • One brother’s credentials revoked on time; the other’s were not
  • Sensitive EEOC and federal tax data stolen after termination

What happened

Muneeb and Sohaib Akhter, twin brothers in their mid-30s, were recently fired from a company servicing 45 federal clients, including key US government agencies. Shortly after their simultaneous termination in a Microsoft Teams call, Sohaib’s access was cut off immediately, but Muneeb’s was not revoked in time. Within minutes, Muneeb exploited this oversight to delete about 96 government databases and steal thousands of files, including sensitive information from the Equal Employment Opportunity Commission (EEOC) and tax records of hundreds of individuals.

Prior to their firing, the brothers had engaged in unauthorized activities, including harvesting thousands of usernames and passwords from their company network and using them to access various online accounts fraudulently. The attack unfolded rapidly in the late afternoon, with Muneeb employing destructive SQL commands and researching methods to erase system logs, clearly intending to cover their tracks. Meanwhile, the siblings maintained communication, reflecting a coordinated effort to maximize damage.

Why it matters

This incident highlights the critical security risk posed by not immediately revoking IT credentials when employees with privileged access are dismissed. Allowing terminated staff to maintain access for even a few minutes can lead to catastrophic data loss and breaches of sensitive government information, undermining national security and public trust.

The Akhter brothers’ past criminal records and suspicious behavior also raise questions about the rigor of vetting processes and ongoing monitoring of insiders with privileged access. For organizations, especially those handling sensitive government data, this case underscores the need for comprehensive offboarding protocols, including immediate credential termination and real-time threat detection to prevent insider sabotage.

What to watch next

Attention now turns to how federal contractors and government agencies will review and strengthen policies to prevent similar incidents. This could include deploying automated systems to revoke access concurrently with termination notices and enhancing incident response capabilities to quickly detect and mitigate insider threats.
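An added example (not from the original briefing or its source): a reconciliation check that compares HR termination times against account-disablement times and database audit events, flagging accounts revoked late or never, and any statements issued after termination. All user names, timestamps, statements and the one-minute grace window are constructed assumptions.

```python
from datetime import datetime, timedelta

GRACE = timedelta(minutes=1)  # assumed tolerance between HR notice and disablement
DESTRUCTIVE = ("DROP ", "TRUNCATE ", "DELETE ")  # statement prefixes treated as destructive

def audit_offboarding(terminations, disabled_at, events, grace=GRACE):
    """Return (late_revocations, post_termination_events).

    terminations: {user: datetime of termination notice}
    disabled_at:  {user: datetime the account was disabled}; missing = still enabled
    events:       list of {"user", "time", "statement"} from a database audit log
    """
    late, activity = [], []
    for user, term_time in terminations.items():
        off = disabled_at.get(user)
        # Flag accounts never disabled, or disabled later than the grace window.
        if off is None or off - term_time > grace:
            late.append((user, None if off is None else off - term_time))
        # Any statement at or after the termination time is a finding.
        for ev in events:
            if ev["user"] == user and ev["time"] >= term_time:
                stmt = ev["statement"].lstrip().upper()
                activity.append((user, ev["time"] - term_time,
                                 ev["statement"], stmt.startswith(DESTRUCTIVE)))
    return late, activity

# Constructed sample data: two users terminated at the same moment.
T = datetime.fromisoformat("2025-01-01T16:50:00")
TERMINATIONS = {"user_a": T, "user_b": T}
DISABLED_AT = {"user_a": T + timedelta(seconds=30)}  # user_b was never disabled
EVENTS = [
    {"user": "user_a", "time": T - timedelta(hours=2), "statement": "SELECT 1"},
    {"user": "user_b", "time": T + timedelta(minutes=5),
     "statement": "DROP DATABASE sample_db"},
    {"user": "user_b", "time": T + timedelta(minutes=6),
     "statement": "SELECT * FROM sample_table"},
]

if __name__ == "__main__":
    late, activity = audit_offboarding(TERMINATIONS, DISABLED_AT, EVENTS)
    for user, delay in late:
        print(f"LATE REVOCATION {user}: {'still enabled' if delay is None else delay}")
    for user, offset, stmt, destructive in activity:
        tag = "DESTRUCTIVE" if destructive else "activity"
        print(f"POST-TERMINATION {tag} {user} +{offset}: {stmt}")
```

Run on a schedule against real HR and audit feeds, the first list measures the revocation gap and the second is an alerting signal in its own right.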

Legal repercussions against the Akhter brothers and their former employer’s security practices may also set precedents for accountability in IT offboarding failures. Meanwhile, cybersecurity professionals should revisit risk assessments surrounding human factors in data security, reinforcing the importance of strict access control procedures at the termination stage.

Source assisted: This briefing began from a discovered source item from Ars Technica.