:

TWIN BROTHERS DESTROY 96 GOV'T DATABASES AFTER FIRING

INDUSTRY DESK2 MIN READ
TUE, MAY 12, 2026

■ AI-SUMMARIZED FROM 2 SOURCES ▸ TIMELINE

Two brothers with system access deleted 96 government databases within minutes of being terminated from their IT positions. The incident highlights a critical security gap in credential management protocols.

The twins, employed as IT administrators, gained access to and systematically wiped multiple government databases immediately following their termination. Security officials confirmed the deletion of 96 separate databases across various systems before access could be revoked. Investigations revealed the brothers retained active login credentials and administrative privileges even after receiving termination notices. The rapid succession of deletions—accomplished in minutes—suggests premeditation and intimate knowledge of the targeted systems. This incident underscores a fundamental security vulnerability in many organizations: the failure to disable employee credentials before or during the termination process rather than after. Standard IT security protocol mandates revoking access before informing employees of their termination status. Government agencies typically follow a sequence that includes: - Disabling network access - Revoking credentials - Recovering equipment - Documenting access revocation - Only then conducting the termination meeting In this case, credentials remained active, allowing the employees to execute destructive commands on critical systems. Recovery efforts are ongoing, with agencies assessing whether backup systems contain recoverable data. The incident prompted immediate reviews of credential management practices across multiple government departments. Officials are examining other cases where terminated employees retained system access and identifying staff whose credentials have not been properly deactivated. No statement has been released regarding potential charges against the brothers or recovery timelines for affected systems. The case has become a reference point in security training for proper termination procedures and access control management.

■ SOURCES

Ars TechnicaHacker News

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Microsoft says Windows users should expect increased security patches as the company deploys AI tools to identify vulnerabilities in its codebase. The shift reflects a growing reliance on artificial intelligence for proactive threat detection.

JUST NOWAI Desk

A new data-extortion group called Helix is exploiting identity-focused tactics to infiltrate SharePoint environments and steal sensitive data. The group uses voice phishing, device code phishing, and MFA abuse to gain unauthorized access.

JUST NOWIndustry Desk

Block, the parent company of Cash App, agreed to pay $45 million to resolve a multistate investigation into misleading fraud protection claims. State attorneys general found the company falsely advertised that Cash App offered bank-like protections and advanced fraud detection.

2H AGOIndustry Desk

Security threats don't pause when IT staff take time off, yet many organizations reduce staffing during summer months. This mismatch leaves critical systems vulnerable during peak vacation season.

2H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.