US Federal contractor Opexus hit by insider threat compromising data of US Government agencies
Take action: A third example in two weeks of why insider threats are a very real thing, and why controls and background checks do make sense. Put emphasis on current controls, since background checks may not give a full picture of what a person is capable of.
Opexus, a Washington-based software company that processes sensitive data for nearly every US federal agency, has suffered a significant insider threat attack that compromised US government databases and files across multiple agencies.
Opexus, owned by private equity firm Thoma Bravo, specializes in providing digital tools for government agencies to manage electronic records and serves over 100,000 government users and 200 public institutions across the US and Canada. The company has contracts from dozens of federal agencies to handle sensitive government records, including court documents, inspector general investigations, and Freedom of Information Act (FOIA) requests.
The incident occurred in February 2025. It was carried out by twin brothers Muneeb and Suhaib Akhter, who were hired by Opexus as engineers between 2023 and 2024 despite their criminal histories involving federal wire fraud and hacking charges. Both brothers had been sentenced to prison terms in 2015 for previous cybercrimes, including hacking a cosmetics company to steal credit card information and illegally accessing State Department systems to obtain passport and visa information.
The brothers had access to two critical software systems:
- eCASE, which manages audits of government agencies and investigations into waste, fraud and abuse;
- FOIAXpress, which processes and tracks public records requests.
Their roles gave them access to data from multiple agencies including the Internal Revenue Service, Department of Energy, Defense Department, and the Department of Homeland Security's Office of Inspector General.
The security breach began on February 18, 2025, when the brothers were terminated during a virtual meeting with human resources after the Federal Deposit Insurance Corporation (FDIC) flagged them as insider threats during a background check process. During the termination meeting, while he still had access to Opexus servers, Muneeb Akhter immediately began blocking others from connecting to an IRS database, then deleted a GSA database and 33 additional databases.
More than an hour after being fired, Muneeb Akhter inserted a USB drive into his company laptop and copied 1,805 files related to a government project. Subsequently, his brother Suhaib sent an email to dozens of federal government employees warning them about security vulnerabilities at Opexus and claiming the company employed "uncleared personnel" to work with sensitive data.
The incident caused service disruptions, with some agencies losing FOIA requests submitted during specific timeframes. The Export-Import Bank of the United States experienced outages affecting all FOIA requests submitted between February 18 and March 18, 2025.
The incident is being investigated by the Federal Bureau of Investigation and other federal law enforcement agencies. At least one agency, the Department of Health and Human Services, is considering canceling its contract with Opexus due to the security failures. The FBI has expanded its investigation to examine claims about additional "uncleared personnel" and database security vulnerabilities at the company.
Both brothers have denied wrongdoing in interviews, with Muneeb Akhter claiming he doesn't recall the alleged activities and stating that anything he did was for work purposes.