Fired Engineer Wipes 96 Government Databases in Minutes and Asks AI How to Clear the Logs

IT administrators are reminded that the first step after an employee is terminated should be the immediate revocation of all system accounts, not merely settling payroll or collecting access cards.

The story centers on 34‑year‑old twins Muneeb and Sohaib Akhter, who had previously served prison time for telecom fraud and computer‑related crimes. In 2023 they were hired by a Washington, D.C. technology firm that provides software and services to 45 federal customers.

On 18 February 2025 the twins were called into a Microsoft Teams meeting and informed they were being fired. Sohaib’s account was disabled promptly, but Muneeb’s remained active.

Six minutes after the meeting, Muneeb logged into the company’s internal network, executed a command to block other users from connecting to a database, and then issued DROP DATABASE dhsproddb, instantly erasing a production database for the U.S. Department of Homeland Security. Within the next hour he repeated the process, deleting a total of roughly 96 databases that stored government information.

He then turned to AI tools, asking “How do I clear system logs from SQL servers after deleting databases?” and “How do you clear all event and application logs from Microsoft Windows Server 2012?” indicating a desire to cover his tracks.

During the sabotage Muneeb also downloaded 1,805 EEOC files to a USB drive and stole tax information for at least 450 federal individuals. The twins kept a real‑time chat, discussing the destruction of backups, the possibility of extortion, and joking about erasing the entire file system.

After the deletions they reinstalled the operating system on the company‑issued laptops to erase activity logs. Three weeks later federal agents arrived, discovering seven firearms and ammunition at Sohaib’s home. The twins remained at large for nine months before being arrested on 3 December 2025 and later convicted of computer fraud, illegal password trafficking, and unlawful firearm possession.

The employing company, later identified as Opexus, admitted that its background checks and termination procedures were insufficient, acknowledging that the failure to disable Muneeb’s account enabled the insider attack.

Reference: https://arstechnica.com/tech-policy/2026/05/drop-database-what-not-to-do-after-losing-an-it-job/