Two brothers employed at a government agency deleted 96 databases within minutes of their termination, exposing a critical gap in how agencies manage system access during personnel changes.

The incident occurred after the brothers received notice of their firing. Rather than wait for IT staff to revoke their credentials, they used their active access to launch a systematic deletion across multiple government databases. The scale and speed of the destruction, happening in just minutes, suggests the brothers had broad administrative privileges and knew exactly where critical systems lived.

This case underscores a fundamental security failure: credentials remained active after termination notices were issued but before formal access revocation completed. Government agencies typically maintain separation between HR and IT departments, creating windows where fired employees retain system access long enough to cause damage.

Standard security practice demands credential revocation happen before or immediately upon termination notification, not after. The delay between firing and access lockdown left the databases vulnerable to intentional sabotage. In this case, recovery became necessary and expensive.

The brothers' ability to delete 96 separate databases indicates they held administrative-level access across multiple systems. Most agencies now implement automated access revocation tied to termination dates in HR systems, but this case suggests that the automation failed, wasn't deployed, or faced unexpected delays.

IT security professionals cite this type of incident as justification for implementing zero-trust access models, where credentials expire more frequently and administrative access requires additional verification steps. Agencies have also begun using immutable backups and database snapshots that prevent deliberate deletion, even by administrators.

The case also raises questions about why such broad database access existed in the first place. Least-privilege principles suggest the brothers should have held only the access needed for their specific roles, not permissions spanning dozens of databases.
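The two gaps described above (access that outlives the termination notice, and admin rights spanning dozens of databases) can be checked for routinely. The following is an added example, not code from the agency or from the original article: a minimal audit that compares HR notice times with account disablement times and flags enabled accounts with broad database admin rights. All record fields, user names, timestamps and the `admin_limit` threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the incident): HR termination notices
# and the identity system's view of each account.
HR_NOTICES = {
    "emp-a": datetime(2025, 1, 10, 16, 50),
    "emp-b": datetime(2025, 1, 10, 16, 50),
    "emp-c": datetime(2025, 1, 9, 9, 0),
}
ACCOUNTS = [
    {"user": "emp-a", "disabled_at": None,
     "db_admin_on": [f"db{i:02d}" for i in range(60)]},
    {"user": "emp-b", "disabled_at": datetime(2025, 1, 10, 17, 25),
     "db_admin_on": ["db01", "db02"]},
    {"user": "emp-c", "disabled_at": datetime(2025, 1, 9, 8, 55),
     "db_admin_on": []},
    {"user": "emp-d", "disabled_at": None,
     "db_admin_on": [f"db{i:02d}" for i in range(40)]},
]
NOW = datetime(2025, 1, 10, 18, 0)  # constructed audit time


def audit(accounts, notices, now, max_gap=timedelta(0), admin_limit=5):
    """Return sorted (user, finding, value) tuples.

    STILL_ACTIVE / LATE_REVOCATION carry the exposure window in minutes;
    BROAD_DB_ADMIN carries the number of databases with admin rights.
    """
    findings = []
    for acct in accounts:
        user, disabled_at = acct["user"], acct["disabled_at"]
        notified = notices.get(user)
        if notified is not None:
            # Exposure window runs from the notice until disablement,
            # or until the audit time if the account is still enabled.
            gap = (disabled_at or now) - notified
            if gap > max_gap:
                state = "STILL_ACTIVE" if disabled_at is None else "LATE_REVOCATION"
                findings.append((user, state, int(gap.total_seconds() // 60)))
        # Least-privilege check applies to any enabled account.
        if disabled_at is None and len(acct["db_admin_on"]) > admin_limit:
            findings.append((user, "BROAD_DB_ADMIN", len(acct["db_admin_on"])))
    return sorted(findings)


def run_sample():
    return audit(ACCOUNTS, HR_NOTICES, NOW)
```

With the default `max_gap` of zero, any account disabled after the notice time is reported, which matches the rule that revocation should happen before or at notification.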

This incident ranks among the most damaging insider threats prosecuted at the federal level, both in terms of data loss and recovery costs. It demonstrates why IT security protocols must execute