This breach may not turn out to be the biggest insider breach of 2025, but it may well turn out to be one of the most impactful.
Jason Leopold reports:
A software company that handles sensitive data for nearly every US federal agency was the victim of a cyber breach earlier this year due to a “major lapse” in security measures, according to documents reviewed by Bloomberg News.
Opexus, which is owned by the private equity firm Thoma Bravo and provides software services for processing US government records, was compromised in February by two employees who’d previously been convicted of hacking into the US State Department. The findings were detailed in separate reports by Opexus and an independent cybersecurity firm, which characterized the incident as an “insider threat attack.”
The investigations found that the employees, twin brothers Muneeb and Suhaib Akhter, improperly accessed sensitive documents and compromised or deleted dozens of databases, including those that contained data from the Internal Revenue Service and the General Services Administration. The brothers have since been terminated.
Read more from Bloomberg at Insurance Journal. It’s a long read, but great reporting and details by Jason Leopold.
Related: Coverage of the Akhter twins’ earlier arrest, conviction, and sentencing in 2015.