Two brothers who worked as IT contractors for the U.S. government allegedly deleted 96 government databases within minutes of being dismissed from their shared employer, federal authorities say, in a case that underscores longstanding vulnerabilities in how agencies manage digital access for departing staff.
Federal prosecutors have accused the Akhter twins of carrying out a rapid and deliberate act of digital sabotage after losing their government IT contracting roles, allegedly wiping out 96 databases hosting U.S. government information in the brief window between their termination and the deactivation of their credentials.
According to authorities, the brothers retained active access to the systems long enough after being fired to execute what appears to have been a coordinated deletion. The speed of the alleged attack — carried out in minutes — suggests the pair acted immediately upon learning of their dismissal, before administrators had an opportunity to revoke their system privileges.
The case has drawn renewed attention to a well-known but often inadequately addressed security challenge: ensuring that employees and contractors lose digital access at the precise moment they lose their jobs, or ideally before any termination notice is delivered.
In many private-sector organisations, credential revocation now routinely precedes — or coincides exactly with — the notification of termination. Workers may discover they have been let go only when they find themselves locked out of email or internal systems. While this practice can feel impersonal or even harsh, security professionals have long argued it is a necessary safeguard.
Government contracting arrangements can complicate this process. Contractors often hold access across multiple agencies or systems administered by different teams, making simultaneous, comprehensive revocation more difficult to coordinate than in a single corporate environment.
Federal authorities noted that the Akhter brothers had prior criminal convictions — a detail that raises questions about the vetting procedures that allowed them to obtain and retain access to sensitive government infrastructure in the first place.
The deleted databases reportedly contained U.S. government information, though federal authorities have not publicly detailed the full scope or sensitivity of the lost data, nor whether backups were available to restore the affected systems.
The brothers face serious federal charges. If convicted, they could receive substantial prison sentences under laws governing computer fraud and the destruction of protected computer systems.
The incident is the latest in a series of insider threat cases to affect government IT infrastructure, and cybersecurity experts say it illustrates why access governance — knowing who has access to what, and removing that access promptly when circumstances change — remains one of the most practically challenging areas of institutional security.
Analysis
Why This Matters
- Government databases may contain sensitive public records, law enforcement data, or operational information; their loss or corruption can have serious downstream consequences for citizens and agencies alike.
- The case exposes structural weaknesses in how federal contractors are vetted and how quickly their access can be revoked — vulnerabilities that malicious actors, whether insiders or external threats, can exploit.
- With government IT increasingly reliant on contracted labour, the incident may prompt legislative or regulatory scrutiny of contractor access management standards.
Background
Insider threats — malicious actions taken by current or former employees and contractors — have long been recognised as among the most damaging cybersecurity risks facing organisations. Unlike external attackers, insiders often have legitimate, deep access to systems and understand their architecture well.
The U.S. federal government employs hundreds of thousands of contractors across its IT infrastructure, creating a sprawling and complex access management challenge. High-profile insider incidents over the past two decades, from the Edward Snowden disclosures to various data theft cases, have repeatedly prompted reviews of access controls, with mixed results.
The Akhter case is notable because the brothers had prior criminal convictions, raising questions about whether existing background check and vetting processes for government IT contractors are sufficiently robust or consistently applied across agencies and contracting firms.
Key Perspectives
Federal Prosecutors: Authorities allege the deletion was deliberate and coordinated, carried out within minutes of termination — characterising it as a calculated act of sabotage rather than accidental data loss.
Security Professionals: Cybersecurity experts have consistently warned that the window between a termination decision and credential revocation represents a critical vulnerability. Many advocate for revocation to occur before or simultaneously with any dismissal notification, a practice not universally followed in government contracting.
Critics/Skeptics: Civil liberties advocates and labour groups have raised concerns about the broader trend of pre-emptive credential revocation, arguing it can be used to prevent workers from documenting wrongdoing or accessing records relevant to disputes — a tension that sits uncomfortably alongside genuine security needs.
What to Watch
- Whether federal agencies announce updated contractor vetting or access revocation policies in response to the case.
- The outcome of the brothers' prosecution and the sentences imposed, which will signal how seriously courts treat database destruction as a federal cybercrime.
- Any congressional hearings or inspector general investigations into the government systems affected and whether adequate backups existed to restore the deleted databases.