Twin brothers from Virginia previously convicted of cybercrimes have been arrested for allegedly hacking into U.S. government databases and deleting troves of information.

Muneeb and Sohaib Akhter, both 34, are facing years in prison after allegedly abusing their roles as federal contractors to delete about 96 databases storing U.S. government information in February. The Department of Justice said they were arrested on Wednesday.

According to an indictment filed on November 13, the two were fired from their jobs on February 18 and sought to harm their employer by deleting databases containing “records and documents related to Freedom of Information Act (FOIA) matters administered by federal government departments and agencies, as well as sensitive investigative files of federal government components.”

Muneeb Akhter is facing charges of aggravated identity theft, conspiracy to commit computer fraud and to destroy records, theft of U.S. government records and other charges, amounting to a maximum penalty of 45 years in prison. 

Sohaib Akhter is facing a maximum penalty of six years in prison after being charged with conspiracy to commit computer fraud and to destroy records, and computer fraud.

The brothers’ employer is not named in the indictment but prosecutors said it is based in Washington, D.C., and provides software services to more than 45 U.S. federal agencies — including the United States Equal Employment Opportunity Commission (EEOC), the Department of Homeland Security and the Internal Revenue Service. 

Bloomberg reported in May that the contractor is a software company named Opexus. The news outlet published a lengthy story about the two men, writing that they both had access to eCASE, a system used for government agency audits and FOIAXpress, which tracks public records requests. Bloomberg noted that it was told all FOIA requests between February 14 and February 18 at certain agencies were permanently lost. Another agency lost FOIA request records from February 18 to March 18. 

Federal prosecutors said that between February 18 and 25, Muneeb Akhter deleted several databases, and one minute after deleting a Department of Homeland Security database, he asked an artificial intelligence tool how to clear system logs following the deletion of databases.

The two wiped their laptops before returning them to the unnamed federal contractor they previously worked for and were caught by law enforcement discussing ways they could clean out their house in advance of a police search, prosecutors said.

“On February 18, 2025, at approximately 5:14 p.m., SOHAIB AKHTER stated aloud, ‘they’re gonna probably raid this place,’ to which MUNEEB AKHTER replied, ‘Til clean this shit up.’ SOHAIB AKHTER responded, ‘We also gotta clean stuff up from the other house, man,’” according to the indictment. 

Among the documents stolen, prosecutors said Muneeb Akhter took information from the EEOC and copies of IRS information stored on a virtual machine on about 450 people. 

“These defendants abused their positions as federal contractors to attack government databases and steal sensitive government information,” said acting Assistant Attorney General Matthew Galeotti. “Their actions jeopardized the security of government systems and disrupted agencies’ ability to serve the American people.”

Long hacking history

Prosecutors noted that both brothers were previously convicted of hacking charges in the 2010s. 

Several of the incidents occurred while they were either directly employed by federal agencies or working through contractors for the federal government. 

A 2015 case that involved both brothers and another man initially revolved around stolen credit card information from about 40 people used to purchase airline tickets and hotel bookings from Expedia, U.S. Airways, and more than 15 other companies. 

Prosecutors alleged that Muneeb Akhter was trying to join an unnamed hacking collective and attempted to prove his skill by conducting cybercrimes. 

The case eventually expanded beyond stolen credit card numbers when prosecutors found that Muneeb Akhter illegally accessed federal data held by a company he was working for in 2013. 

In 2014, Muneeb Akhter was hired in an IT role at the Department of Homeland Security and Sohaib Akhter was hired through a contractor for work at the State Department. 

The two then used their access to download troves of sensitive information from DHS and the State Department. 

The men "engaged in a series of computer intrusions and attempted computer intrusions against the State Department to obtain sensitive passport and visa information and other related and valuable information about State Department computer systems."

Muneeb Akhter pleaded guilty to the charges in that case and was sentenced to about three years in prison but served more time for repeatedly violating the terms of his supervised release. Sohaib Akhter also served years in prison for that case before he was released.