Insurance Journal reports an insider data breach that will leave many people wondering exactly what a government contractor did in terms of background checks on its employees. In this case, the two allegedly rogue employees at Opexus (formerly known as AINS) were twin brothers who were previously convicted and served time for hacking crimes:
A software company that handles sensitive data for nearly every US federal agency was the victim of a cyber breach earlier this year due to a “major lapse” in security measures, according to documents reviewed by Bloomberg News.
Opexus, which is owned by the private equity firm Thoma Bravo and provides software services for processing US government records, was compromised in February by two employees who’d previously been convicted of hacking into the US State Department. The findings were detailed in separate reports by Opexus and an independent cybersecurity firm, which characterized the incident as an “insider threat attack.”
The investigations found that the employees, twin brothers Muneeb and Suhaib Akhter, improperly accessed sensitive documents and compromised or deleted dozens of databases, including those that contained data from the Internal Revenue Service and the General Services Administration. The brothers have since been terminated.
… The damage attributed to the brothers includes the destruction of more than 30 databases and the removal of more than 1,800 files related to one government project, according to the cybersecurity firm’s report. Opexus’ own investigation found that the brothers’ conduct led to an outage of two key software systems used by government agencies to process and manage their records, and in some cases a permanent loss of data.
Read more on Insurance Journal.
