Two brothers with system access deleted 96 government databases within minutes of being terminated from their IT positions. The incident highlights a critical security gap in credential management protocols.
The twins, employed as IT administrators, gained access to and systematically wiped multiple government databases immediately following their termination. Security officials confirmed the deletion of 96 separate databases across various systems before access could be revoked.
Investigations revealed the brothers retained active login credentials and administrative privileges even after receiving termination notices. The rapid succession of deletions—accomplished in minutes—suggests premeditation and intimate knowledge of the targeted systems.
This incident underscores a fundamental security vulnerability in many organizations: the failure to disable employee credentials before or during the termination process rather than after. Standard IT security protocol mandates revoking access before informing employees of their termination status.
Government agencies typically follow a sequence that includes:
- Disabling network access
- Revoking credentials
- Recovering equipment
- Documenting access revocation
- Only then conducting the termination meeting
In this case, credentials remained active, allowing the employees to execute destructive commands on critical systems. Recovery efforts are ongoing, with agencies assessing whether backup systems contain recoverable data.
The incident prompted immediate reviews of credential management practices across multiple government departments. Officials are examining other cases where terminated employees retained system access and identifying staff whose credentials have not been properly deactivated.
No statement has been released regarding potential charges against the brothers or recovery timelines for affected systems. The case has become a reference point in security training for proper termination procedures and access control management.
Microsoft says Windows users should expect increased security patches as the company deploys AI tools to identify vulnerabilities in its codebase. The shift reflects a growing reliance on artificial intelligence for proactive threat detection.
A new data-extortion group called Helix is exploiting identity-focused tactics to infiltrate SharePoint environments and steal sensitive data. The group uses voice phishing, device code phishing, and MFA abuse to gain unauthorized access.
Block, the parent company of Cash App, agreed to pay $45 million to resolve a multistate investigation into misleading fraud protection claims. State attorneys general found the company falsely advertised that Cash App offered bank-like protections and advanced fraud detection.
Security threats don't pause when IT staff take time off, yet many organizations reduce staffing during summer months. This mismatch leaves critical systems vulnerable during peak vacation season.