{"id":23865,"date":"2025-05-30T06:06:04","date_gmt":"2025-05-30T06:06:04","guid":{"rendered":"https:\/\/www.adminbyrequest.com\/?p=23865"},"modified":"2026-01-24T23:00:06","modified_gmt":"2026-01-24T23:00:06","slug":"government-data-wiped-by-insider-hackers-in-opexus-security-breach","status":"publish","type":"post","link":"https:\/\/www.adminbyrequest.com\/en\/blogs\/government-data-wiped-by-insider-hackers-in-opexus-security-breach","title":{"rendered":"Government Data Wiped by Insider Hackers in OPEXUS Security Breach"},"content":{"rendered":"\n

The cybersecurity world got a harsh wake-up call in February 2025 when two convicted hackers working as employees at a major government contractor managed to delete dozens of federal databases and steal thousands of sensitive files. The OPEXUS breach, reported by Bloomberg on May 21<\/a>, exposes critical gaps in how organizations vet employees and control access to sensitive government data.<\/p>\n\n\n\n

How Convicted Hackers Got Government Access<\/strong><\/h2>\n\n\n\n

OPEXUS, a Washington-based software company that handles sensitive data for nearly every US federal agency, was compromised in February by two employees who’d previously been convicted of hacking into the US State Department. The twin brothers, Muneeb and Suhaib Akhter, had been hired as engineers between 2023 and 2024 despite their criminal histories involving federal wire fraud and hacking charges.<\/p>\n\n\n\n

The brothers had access to critical government systems that manage everything from IRS data to Freedom of Information Act requests. Their roles gave them access to two critical software systems: eCASE, which manages audits of government agencies and investigations into waste, fraud and abuse, and FOIAXpress, which processes and tracks public records requests.<\/p>\n\n\n\n

The question that should concern every organization: how did two people with criminal convictions for hacking government systems end up with access to some of the most sensitive federal databases in the country?<\/p>\n\n\n\n

In 2015, both brothers had been sentenced to prison terms<\/a> for previous cybercrimes, including hacking a cosmetics company to steal credit card information and illegally accessing State Department systems to obtain passport and visa information. Yet they were hired by OPEXUS to work on electronic case management for agencies including the Internal Revenue Service, Department of Energy, Defense Department, and the Department of Homeland Security’s Office of Inspector General.<\/p>\n\n\n\n

OPEXUS declined to comment on whether it conducted background checks on the brothers before hiring them. The brothers’ criminal history only surfaced when the FDIC flagged them as insider threats during a background check process for additional security clearance. This led to their termination on February 18, 2025 – and that’s when things went very wrong.<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The Attack Unfolds<\/strong><\/h2>\n\n\n\n

According to the independent cybersecurity investigation by Mandiant<\/a>, the brothers retained access to OPEXUS systems during their termination process. While still on the virtual meeting with HR, Muneeb Akhter accessed an IRS database from his company-issued laptop, blocked others from connecting to it, then proceeded to delete 33 databases, including one containing FOIA requests from numerous government agencies.<\/p>\n\n\n\n

More than an hour after being terminated, he inserted a USB drive and copied 1,805 sensitive files related to a government project. Meanwhile, his brother sent an email to dozens of federal government employees warning them about security vulnerabilities at OPEXUS.<\/p>\n\n\n\n

The damage was extensive. FOIA requests at numerous federal agencies in February were lost, with some agencies experiencing outages lasting over a month<\/a>. The Export-Import Bank saw all FOIA requests from February 18 to March 18 completely eliminated.<\/p>\n\n\n\n

A Growing Problem<\/strong><\/h2>\n\n\n\n

This incident isn’t isolated. According to Cybersecurity Insiders’ 2024 Insider Threat Report<\/a>, 83% of organizations reported at least one insider attack in the past year. More concerning, 48% of organizations reported<\/a> that insider attacks have become more frequent over the past 12 months.<\/p>\n\n\n\n

The statistics reveal a troubling trend:<\/p>\n\n\n\n