How Contractor Privileged Access Failures Exposed Data Across 45 Federal Agencies
Gabriel Avner
December 8, 2025
Earlier this year, twin brothers Muneeb and Sohaib Akhter, both government contractors, were fired from their employer. Minutes later, they began a weeklong insider attack that compromised or destroyed data belonging to more than 45 federal agencies.
According to CyberScoop’s report on the Justice Department case, the brothers deleted 96 databases (including a Homeland Security production DB), stole IRS and EEOC records, copied thousands of files, and even used AI tools to learn how to wipe logs and avoid detection.
Their employer hosted sensitive data for DHS, IRS, EEOC, and other agencies. In minutes, critical investigative files, regulated data, and FOIA records were suddenly corrupted or missing.
This wasn’t a sophisticated nation-state operation. It was a pair of disgruntled insiders acting immediately after termination who used the privileged access they once legitimately held.
The Most Damaging Attacks Often Come From the Inside
Most security incidents still originate outside the organization, but insider risk remains a persistent problem. According to the 2025 Verizon DBIR:
- 18% of incidents involve internal users
- 65% of those stem from mistakes
- 31% stem from privilege misuse
And the trend is worsening: nearly half of organizations reported an increase in insider attacks last year, and insider-driven data loss now costs companies an average of $15 million annually.
The Akhter brothers did not need to probe for vulnerabilities. They already understood:
- Where sensitive data lived
- How the contractor’s systems worked
- Which paths lacked guardrails
- What privileges gave them maximum destructive power
Insider threat is dangerous not because insiders are brilliant attackers, but because they already know how everything works. Standing access turns that knowledge into damage, making it all the more important to ensure that former employees are fully removed from systems before they can inflict damage.
When JML Fails, Contractors and Leavers Become High-Risk Actors
Joiner-Mover-Leaver processes often look clean on paper. In reality, contractors, temporary workers, and short-term staff often fall through the cracks.
They may receive broad access “to get the job done,” and their privileges often:
- Don’t map neatly to HR lifecycle controls
- Aren’t regularly reviewed
- Remain active longer than intended
- Aren’t removed quickly when they leave
In this case, the attack began minutes after termination, far faster than traditional offboarding workflows could react.
Modern access governance must assume:
- Any identity can become malicious instantly.
- Access must be removed immediately and automatically.
- No user should retain standing privileges capable of material damage.
If your privilege model depends on manual cleanup or pre-created roles that persist indefinitely, JML failures are inevitable. This creates risk for your organization and your customers.
Customer Trust Depends on Your Access Governance
The breached contractor handled data for more than 45 federal agencies. These customers assumed their provider had the controls needed to prevent exactly this type of insider misuse.
When that trust is broken, the consequences ripple outward:
- Agencies lose access to mission-critical systems
- Sensitive data becomes exposed, corrupted, or unrecoverable
- Incident response sprawls across multiple organizations
- Vendor trust is damaged
Access governance is not just internal hygiene. It is a customer assurance requirement, especially for companies handling regulated or sensitive workloads. You need to be able to meet security requirements, maintain them continuously, and be able to prove them to auditors and your customers.
Zero Standing Privilege: A Practical Defense Against Insider Threats
Zero Standing Privilege (ZSP) is based on a simple principle: no identity should retain permanent access to sensitive systems.
Instead:
- Access is granted only at the moment of need
- Permissions are tightly scoped
- Elevation automatically expires
While ZSP is often introduced as a defense against stolen credentials, it is equally powerful against insider threats, especially for contractors and leavers whose access may not be tightly governed.
ZSP reduces insider risk by:
- Removing the always-available privileges insiders can weaponize
- Shrinking the blast radius of any one identity
- Preventing both malicious actions and accidental damage
The Akhter incident is a clear example of why permanent, unmonitored access is no longer acceptable. Apono offers a different approach that eliminates many of these risks.
How Apono Makes ZSP Operational: Risk Tiering + Policy Automation
Apono’s Privileged Cloud Platform turns ZSP principles into enforceable controls.
Apono’s access platform is built around dynamic risk tiering, which automatically aligns friction with sensitivity:
Tier 1: Low-Risk Resources
- Automatic provisioning
- No approvals
- Short-lived, least-privilege access
- Ideal for dev/test, internal tools, and everyday workflows
Tier 2: Medium-Risk Resources
- Self-serve Just-in-Time access
- Limited duration
- Optional lightweight approvals
- Helps eliminate standing access without slowing engineers down
Tier 3: High-Risk Resources
- Explicit manual approval (manager, system owner, or security)
- Strong justification
- Very short access windows
- Full auditing and session visibility
With this model:
- Routine engineering stays fast
- Sensitive actions carry friction
- Standing privileges disappear
- Insider blast radius shrinks dramatically
Apono enforces these tiers automatically by blending risk and usage data, generating temporary least-privilege roles on the fly. This removes the need for massive prebuilt role catalogs and ensures every identity receives only the exact permissions required in that moment.
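To make the tiering model and the leaver requirement concrete, here is a small grant engine written as an added example for this post; it is not Apono’s code and does not use Apono’s API. It encodes the three tiers described above as policy (low: automatic and short-lived; medium: self-serve JIT that must carry a justification; high: explicit approver and a very short window), time-boxes every grant so elevation expires on its own, and wires a leaver event to immediate revocation of everything that identity holds, which is the control the offboarding section says must run automatically rather than by manual cleanup. The tier durations, resource names, identities and the fixed clock are constructed assumptions.

```python
"""Toy Zero Standing Privilege grant engine (added example, not Apono's code).

Models three risk tiers, time-boxed grants and an immediate-revocation
leaver hook. Tier policies, resource names and identities are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import List, Optional, Set, Tuple


class Tier(Enum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Assumed per-tier policy: the longest grant allowed and what a request must carry.
POLICY = {
    Tier.LOW:    {"max_minutes": 480, "needs_justification": False, "needs_approver": False},
    Tier.MEDIUM: {"max_minutes": 120, "needs_justification": True,  "needs_approver": False},
    Tier.HIGH:   {"max_minutes": 30,  "needs_justification": True,  "needs_approver": True},
}

# Constructed resource inventory with its risk classification (hypothetical names).
RESOURCES = {
    "dev-sandbox-db": Tier.LOW,
    "ci-artifacts-bucket": Tier.MEDIUM,
    "prod-records-db": Tier.HIGH,
}

# Fixed clock so runs are deterministic; real code would use datetime.now(timezone.utc).
T0 = datetime(2025, 12, 8, 9, 0, tzinfo=timezone.utc)


def plus(t: datetime, minutes: int) -> datetime:
    return t + timedelta(minutes=minutes)


@dataclass
class Grant:
    identity: str
    resource: str
    expires_at: datetime            # every grant is time-boxed; nothing is standing
    approver: Optional[str] = None


class GrantEngine:
    def __init__(self) -> None:
        self.active: List[Grant] = []
        self.enabled: Set[str] = set()   # identities still in the "joined" state
        self.audit: List[str] = []

    def onboard(self, identity: str) -> None:
        self.enabled.add(identity)

    def request(self, identity, resource, minutes, now,
                justification=None, approver=None) -> Tuple[str, object]:
        """Evaluate a JIT access request against the resource's tier policy."""
        if identity not in self.enabled:
            return ("denied", "identity not active")
        pol = POLICY[RESOURCES[resource]]
        if pol["needs_justification"] and not justification:
            return ("denied", "justification required")
        if pol["needs_approver"] and approver is None:
            return ("pending", "approval required")
        duration = min(minutes, pol["max_minutes"])   # cap the window, never extend it
        self.active.append(Grant(identity, resource, plus(now, duration), approver))
        self.audit.append(f"{now.isoformat()} grant {identity}->{resource} {duration}m approver={approver}")
        return ("granted", duration)

    def expire(self, now: datetime) -> int:
        """Drop grants whose window has closed; elevation ends without anyone acting."""
        before = len(self.active)
        self.active = [g for g in self.active if g.expires_at > now]
        return before - len(self.active)

    def is_allowed(self, identity, resource, now) -> bool:
        self.expire(now)
        return any(g.identity == identity and g.resource == resource for g in self.active)

    def offboard(self, identity: str, now: datetime) -> int:
        """Leaver hook: revoke every live grant at once and block further requests."""
        self.expire(now)
        revoked = [g for g in self.active if g.identity == identity]
        self.active = [g for g in self.active if g.identity != identity]
        self.enabled.discard(identity)
        self.audit.append(f"{now.isoformat()} offboard {identity} revoked={len(revoked)}")
        return len(revoked)


if __name__ == "__main__":
    eng = GrantEngine()
    eng.onboard("contractor-a")
    print(eng.request("contractor-a", "prod-records-db", 60, T0, "ticket-123"))
    print(eng.request("contractor-a", "prod-records-db", 60, T0, "ticket-123", "owner"))
    print(eng.offboard("contractor-a", plus(T0, 5)),
          eng.is_allowed("contractor-a", "prod-records-db", plus(T0, 5)))
```

Two design points carry the argument of the post: the requested duration is only ever capped, so a Tier 3 request for an hour still yields a 30-minute window, and `offboard` is a single call that a termination event in the HR system can fire, so revocation does not wait for a ticket queue. The audit list stands in for the session visibility the high tier requires.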
Taking the Next Step Toward Smarter Access Controls
This incident demonstrates why sensitive resources cannot rely on standing access or delayed offboarding. Privileges must disappear the moment they are no longer required, high-risk actions must require explicit approval, and access pathways must reflect the sensitivity of what they protect. Zero Standing Privilege and Just-in-Time access provide the guardrails that ensure destructive actions are never a single click away.
If you want to quickly assess where standing privileges may already exist in your environment, start with our Zero Standing Privilege Checklist — a simple way to benchmark your current exposure.
And when you’re ready to compare Cloud PAM approaches that operationalize ZSP, our Privileged Access Buyer Guide + RFP Checklist breaks down the capabilities that matter most and the questions that separate cloud-native solutions from legacy ones.