A federal jury has convicted Sohaib Akhter, 34, of Alexandria, Virginia, on charges of conspiracy to commit computer fraud, password trafficking, and unlawful firearm possession after he and his twin brother Muneeb destroyed approximately 96 federal government databases following their termination from a Washington, D.C. technology contractor serving more than 45 US federal agencies.

What Happened

Sohaib and Muneeb Akhter were employed by a D.C.-based technology contracting firm that hosted sensitive federal client data on enterprise servers located in Ashburn, Virginia. The firm served over 45 federal government agencies. After their employment was terminated on February 18, 2025, the brothers retained or reacquired access to protected systems and proceeded to delete roughly 96 distinct federal databases. The pair were arrested in December 2025, and Sohaib was subsequently convicted at trial. He faces a maximum statutory penalty of 21 years in prison at sentencing, scheduled for September 9. The brothers also have a prior federal record, having pled guilty in June 2015 to conspiracy charges tied to attempted unauthorized access of US State Department systems.

What Was Taken

Approximately 96 distinct databases containing critical US government information were destroyed. The compromised systems included case management platforms and Freedom of Information Act (FOIA) response processing software used by federal clients. Prior to the deletion event, the brothers also exfiltrated credentials, including a documented February 1, 2025 incident in which Sohaib executed an unauthorized query against the primary Equal Employment Opportunity Commission (EEOC) database to extract the plaintext password of a complainant using the EEOC Public Portal, which he then handed off to Muneeb. Forensic evidence of the intrusion activity was also systematically destroyed by the perpetrators.

Why It Matters

This case represents one of the most damaging insider threat events targeting US federal infrastructure in recent years, with a single contractor exposing the data of dozens of agencies through two trusted employees. The combination of credential theft from a public-facing federal portal (EEOC), destruction of FOIA processing pipelines, and wholesale deletion of nearly one hundred databases illustrates how a small group of privileged insiders can inflict outsized strategic harm on government operations. The incident also reinforces a recurring concern around third-party contractor risk: federal agencies inherit the access controls, offboarding hygiene, and personnel vetting of their vendors, and a failure at any of those layers becomes a federal-scale failure.

The Attack Technique

According to court records, the brothers leveraged their existing familiarity with the contractor's environment to access protected computer systems without authorization following their February 2025 termination. They write-protected administrative environments to inhibit recovery, executed unauthorized database queries to extract credentials such as the EEOC complainant password, deleted production databases en masse, and then systematically destroyed forensic artifacts associated with their activity. The trafficking of stolen passwords between the co-conspirators and the targeting of FOIA and case-management systems suggest both opportunistic credential abuse and deliberate operational sabotage against the former employer's federal clients.

What Organizations Should Do

  1. Enforce immediate, automated revocation of all credentials, VPN tokens, SSH keys, and cloud IAM roles at the moment of employee or contractor termination, with verification by an independent identity team.
  2. Apply write-protection, immutable backups, and tamper-evident logging to administrative environments so that destructive insider actions can be detected and reversed.
  3. Require multi-party authorization (break-glass, dual-control) for bulk database deletion, schema changes, and production credential queries.
  4. Continuously audit contractor and third-party access to federal data, including periodic recertification, just-in-time access provisioning, and least-privilege enforcement on shared multi-tenant infrastructure.
  5. Store passwords using strong one-way hashing rather than reversible or plaintext formats, eliminating the possibility of an insider extracting usable credentials directly from a database query.
  6. Maintain offline, write-once forensic logging and SIEM alerting on anomalous administrative activity by recently offboarded accounts or accounts performing unusual queries against credential tables.
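
One way to implement the alerting described in items 3 and 6, as an added example that is not taken from the article or the court records. The log format, account names, table name and thresholds are assumptions, and the sample lines are constructed:

```python
import re
from datetime import datetime, timedelta

# Constructed offboarding feed (assumed format): account -> termination time.
OFFBOARDED = {"contractor_a": datetime(2024, 1, 10, 16, 0)}

# Constructed audit lines (assumed format): "<ISO time> <account> <SQL>".
SAMPLE_LOG = """\
2024-01-10T15:40:00 contractor_a SELECT id FROM cases WHERE status='open'
2024-01-10T16:55:00 contractor_a SELECT username, password FROM portal_users WHERE id=7
2024-01-10T16:56:00 contractor_a DROP DATABASE agency_db_01
2024-01-10T16:56:20 contractor_a DROP DATABASE agency_db_02
2024-01-10T16:56:40 contractor_a DROP DATABASE agency_db_03
2024-01-10T17:10:00 dba_oncall DROP DATABASE scratch_tmp
"""

CREDENTIAL_COLUMNS = re.compile(r"\b(password|passwd|secret)\b", re.I)
DROP_DATABASE = re.compile(r"^\s*DROP\s+DATABASE\b", re.I)
BULK_DROP_THRESHOLD = 3                  # assumed tuning value
BULK_DROP_WINDOW = timedelta(minutes=5)  # assumed tuning value


def detect(log_text, offboarded=OFFBOARDED):
    """Return (rule, account, timestamp) alerts for the three conditions."""
    alerts, drops = [], {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, account, sql = line.split(" ", 2)
        ts = datetime.fromisoformat(ts_raw)
        terminated = offboarded.get(account)
        # Any statement at or after the termination time is an alert.
        if terminated is not None and ts >= terminated:
            alerts.append(("POST_TERMINATION_ACTIVITY", account, ts_raw))
        # Statements that reference credential columns.
        if CREDENTIAL_COLUMNS.search(sql):
            alerts.append(("CREDENTIAL_QUERY", account, ts_raw))
        # Sliding window of DROP DATABASE per account; alert once at threshold.
        if DROP_DATABASE.match(sql):
            recent = [t for t in drops.get(account, []) if ts - t <= BULK_DROP_WINDOW]
            recent.append(ts)
            drops[account] = recent
            if len(recent) == BULK_DROP_THRESHOLD:
                alerts.append(("BULK_DATABASE_DROP", account, ts_raw))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

The rule only helps if the audit stream is shipped off-host to write-once storage as it is generated, so that the account being monitored cannot delete the records that would trigger it.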

Sources: Sohaib Akhter Convicted in Government Database Deletion - TechNadu