Government Contractor Opexus Hit with Class Action Lawsuit Over February 2025 Insider Data Breach

A significant class action lawsuit (Ains, LLC d/b/a Opexus a/k/a Casepoint, No. 1:26-cv-00924) was filed in March 2026 against government technology contractor Opexus (formerly known as AINS). The lawsuit stems from a catastrophic “insider threat” data breach in February 2025, where two employees—who were convicted federal hackers—allegedly used their positions to exfiltrate and destroy sensitive government data. 

The breach impacted nearly 80% of federal agencies using Opexus’s FOIAXpress and eCASE platforms, including the EEOC, IRS, and DOJ. Plaintiffs allege Opexus was negligent in its hiring practices and failed to revoke system access during the termination process, leading to the loss of thousands of records and the exposure of personal identifiable information (PII).

Quick Facts 

Field	Detail
Incident Date	February 2025
Lawsuit Filed	March 16, 2026
Defendant	Ains, LLC d/b/a Opexus (formerly AINS)
Breach Type	Insider Threat / Malicious Deletion & Exfiltration
Impacted Data	FOIA requests, federal investigative files, PII
Affected Entities	Up to 78% of U.S. Federal Agencies
Claim Status	Investigation Stage / Proposed Class Action

The “Insider Con” – How the Breach Occurred

The details of the Opexus breach are particularly alarming due to the background of the perpetrators:

• The Hires: In 2023 and 2024, Opexus hired twin brothers Muneeb and Suhaib Akhter as engineers. Both had previously served prison time for a coordinated multi-stage cyberattack on the U.S. State Department.
• The Red Flag: The breach was only triggered when the FDIC flagged the brothers as “insider threats” during an additional security clearance check in February 2025.
• The Attack: Upon learning they were being terminated, Muneeb Akhter allegedly used his company-issued laptop to delete 33 to 96 federal databases and block other users from the system. Simultaneously, he copied 1,805 sensitive files related to a government project onto a USB drive.
• The Outage: Many federal agencies experienced total FOIA system outages lasting over a month, with thousands of pending public records requests permanently lost.

Related article: Quebec Judge Authorizes Class Action Lawsuit Over 68 COVID-19 Deaths at Résidence Angelica

Eligibility & Who Can Join

The class action lawsuit seeks to represent:

• Government Employees: Whose employment records or sensitive project files were accessed or destroyed.
• Private Individuals: Who submitted FOIA requests or documents to federal agencies (like the EEOC or IRS) that were managed by Opexus software between 2023 and February 2025.
• Third Parties: Whose PII was contained within the nearly 2,000 files exfiltrated by the Akhter brothers.

Section 5: Key Allegations Against Opexus

The 54-page complaint asserts that Opexus failed in several critical areas of cybersecurity and corporate governance:

1. Negligent Hiring: Failing to conduct “basic” background checks that would have revealed the brothers’ high-profile federal hacking convictions.
2. Failure to Revoke Access: Allowing the employees to retain administrative “insider privileges” while they were physically in the meeting being terminated.
3. Inadequate Monitoring: Lacking real-time alerts that would have flagged the mass deletion of dozens of databases as it was happening.
4. Delayed Notification: Waiting until late 2025 and early 2026 to fully disclose the extent of the data destruction to the public and affected individuals.

Frequently Asked Questions

Is there a settlement website yet?

No. As of April 2026, the case is in the early litigation phase. There is currently no settlement fund or official claim-filing website.

Were the hackers caught?

Yes. Both Muneeb and Suhaib Akhter have been criminally charged for the breach following an investigation by the DOJ and Mandiant.

What agencies were impacted?

While a full list hasn’t been released, Senate inquiries have identified the EEOC, IRS, FDIC, and DOJ as agencies that suffered database deletions or file thefts.

“Missing Pillars” of Legal Reporting

• Discovery Insights: Discovery is expected to focus on Opexus’s offboarding protocols. Internal communications may reveal why HR and IT departments did not coordinate to kill VPN and local admin access before the termination meeting began.
• Bellwether Context: This case is a “bellwether” for government contractor liability. It tests whether “sovereign immunity” or “contractor shields” apply when a private company’s gross negligence in hiring leads to the destruction of federal records.
• Objector Status: There are currently no objectors, but the federal government may intervene in the civil suit to protect “national security interests” or sensitive investigative data still held by Opexus.
• Tax Implications: While no settlement exists yet, any future payouts for “identity theft protection” or “statutory damages” are typically non-taxable, whereas payments for “emotional distress” without physical injury may be taxable.
• Attorney Fee Breakdown: Plaintiffs’ counsel is operating on a contingency basis, typically seeking 33% of any eventually established settlement fund.

Last Updated: April 8, 2026

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.