Twin brothers wipe 96 gov’t databases minutes after being fired

Images chosen by Narwhal Cronkite


What happens when insider threats collide with negligent security protocols? A shocking case involving twin brothers Muneeb and Sohaib Akhter, accused of wiping 96 government databases within minutes of being fired, offers a cautionary tale for employers and IT firms alike. The incident, which jurists have described as one of the most comprehensive data breaches by insiders, underscores the growing need for stronger preemptive security measures in both the private and public sectors.


The Road to Devastation: How the Akhters Exploited Insider Access

Muneeb and Sohaib Akhter, both experienced IT professionals, were no strangers to controversy. According to arstechnica.com, the brothers had a criminal record dating back to 2015, when they pleaded guilty to computer and wire fraud schemes. Despite this past, they managed to reenter the tech industry, with Muneeb securing a job at a Washington, DC-based firm in 2023. A year later, Sohaib joined the same organization, which offered software solutions to 45 federal clients.

The seemingly routine nature of these roles masked a darker subplot. Citing court filings, arstechnica revealed that Muneeb had secretly accumulated a database of 5,400 usernames and passwords from his company’s network. These credentials were used to craft Python scripts to log into platforms like DocuSign, Marriott, and airline portals, where Muneeb sometimes used victims’ assets—such as frequent-flyer miles—for personal gain.

When the employer became aware of their activities in February 2025, it acted quickly. Both brothers were fired during a virtual meeting on February 18, their accounts supposedly deactivated immediately. What followed was nothing short of chaos.


The Aftermath: Sabotage in Minutes

Firing an employee with access to sensitive systems is always a delicate matter, but this case illustrates the dire consequences of oversight. While Sohaib’s access to the company’s systems was swiftly revoked, Muneeb’s credentials slipped through the cracks. This allowed him to launch a systemic attack just minutes after the dismissal.

Within six minutes—starting at 4:56 PM—Muneeb began issuing commands to prevent other users from accessing critical government databases maintained by the firm. By the time the employer identified and terminated his access, 96 databases had already been compromised. According to The Register, these databases hosted integral US government information, making their destruction particularly damaging.

Industry analysts point out that Muneeb’s actions reveal a significant failure in offboarding protocols. “This is not just about a bad actor,” noted an IT security consultant. “It’s about glaring procedural lapses like overlooking active accounts. Such oversights render even the most meticulous cyber defenses useless.”

Lessons from the Breach

This case sheds light on several weak links in cybersecurity, particularly in environments where ex-employees retain unrestricted access to sensitive resources. Below are some critical takeaways:

1. Immediate Credential Revocation Is Non-Negotiable

A key oversight in this incident was the delayed revocation of Muneeb’s account credentials. The incident has fueled broader discussions among IT leaders about implementing real-time credential deactivation during terminations.

2. Pre-Employment Screening Is Critical

Employers in high-stakes industries must reevaluate their hiring and vetting processes. While the Akhter brothers’ criminal pasts were a matter of public record, their employer failed to act on this information until it was too late. Given the sensitive nature of the company’s clientele, this lapse proved catastrophic.

3. Proactive Threat Monitoring

According to cybersecurity firms, procedures like monitoring unusual login behavior or flagging bulk database queries could enable early intervention. “Most organizations rely on reactive strategies to detect insider threats. By then, the damage is already done,” noted a cybersecurity analyst.
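The revocation and monitoring takeaways above can be combined into one check, shown here as an added example that is not from the article or the court filings: it compares a database audit log against an HR termination feed and flags any activity by a terminated account, plus bursts of destructive statements from any account. The account names, log format, statement prefixes, window and threshold are assumptions, and all sample data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed HR feed: account -> time the termination took effect.
TERMINATED = {"acct_a": datetime(2025, 1, 6, 16, 50),
              "acct_b": datetime(2025, 1, 6, 16, 50)}

# Constructed audit log, one event per line: time|account|statement.
AUDIT_LOG = """\
2025-01-06T16:41:10|acct_a|SELECT * FROM cases
2025-01-06T16:45:00|acct_c|DROP TABLE tmp_import
2025-01-06T16:56:03|acct_b|REVOKE CONNECT ON DATABASE db01 FROM PUBLIC
2025-01-06T16:56:40|acct_b|DROP DATABASE db01
2025-01-06T16:57:15|acct_b|DROP DATABASE db02
2025-01-06T16:58:30|acct_b|DROP DATABASE db03
"""

# Assumed statement prefixes treated as destructive or access-removing.
DESTRUCTIVE = ("DROP ", "TRUNCATE ", "REVOKE ")

def parse(log):
    """Yield (time, account, statement) from pipe-delimited lines."""
    for line in log.splitlines():
        if line.strip():
            ts, acct, stmt = line.split("|", 2)
            yield datetime.fromisoformat(ts), acct, stmt.strip()

def find_alerts(log, terminated, window=timedelta(minutes=5), threshold=3):
    """Return sorted (account, rule) alerts for the two detection rules."""
    alerts = set()
    recent = defaultdict(deque)  # account -> times of destructive statements
    for ts, acct, stmt in sorted(parse(log)):
        # Rule 1: any activity at or after the account's termination time.
        cutoff = terminated.get(acct)
        if cutoff is not None and ts >= cutoff:
            alerts.add((acct, "POST_TERMINATION_ACTIVITY"))
        # Rule 2: `threshold` destructive statements inside a sliding window.
        if stmt.upper().startswith(DESTRUCTIVE):
            q = recent[acct]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                alerts.add((acct, "DESTRUCTIVE_BURST"))
    return sorted(alerts)

if __name__ == "__main__":
    for acct, rule in find_alerts(AUDIT_LOG, TERMINATED):
        print(f"ALERT {rule}: {acct}")
```

The first rule only fires if the HR feed reaches the detection pipeline at least as fast as it reaches the identity system, so both should consume the same termination event.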


Broader Implications for Cybersecurity

The Akhter database wipe has reignited discussions not just about insider threats but also about evolving methods of workplace dismissal. As reported by Slashdot, many U.S. firms now deactivate employee credentials before even notifying staff of their termination. While viewed as impersonal, such measures are increasingly seen as necessary to secure systems.

Beyond individual institutions, the loss of 96 government databases adds another layer of urgency to federal-level cybersecurity initiatives. Authorities must invest more in securing contractor ecosystems, enforcing accountability, and ensuring compliance with data-protection standards.

What’s Next?

The court proceedings surrounding the Akhter brothers are likely to continue making headlines, with one brother already convicted, according to The Register, and the other still facing trial. Meanwhile, their actions serve as a stark reminder of the damage insiders can inflict on critical systems if procedures fail.

Looking ahead, organizations are being urged to adopt zero-trust frameworks where access privileges are granted only on a need-to-know basis, and comprehensive auditing ensures accountability at every level.

In an era where the stakes of digital trust have never been higher, robust preventative measures are not just operational necessities—they are existential imperatives.
