2026-05-08 BleepingComputer

Former Contractor Convicted for Wiping Dozens of Federal Databases

Supply Chain, Incident Response

On March 15, 2023, a federal jury in the Eastern District of Virginia found Austin M. Collins, 34, of Arlington, Virginia, guilty of one count of conspiracy to commit computer fraud and one count of destruction of government data. Collins was employed as a senior database administrator by defense contractor Leidos Holdings Inc. until his termination in August 2022. Following his dismissal, he allegedly abused still‑active privileged credentials to access the company’s federal client networks, resulting in the systematic deletion of 48 production databases spanning multiple executive‑branch agencies.

According to the indictment, Collins used an internal script named “purge_db.sh” to issue DROP DATABASE commands against Oracle 19c instances that housed critical systems for the Department of Defense’s logistics platform, the Federal Aviation Administration’s air‑traffic‑control registry, and the Social Security Administration’s earnings‑record repository. The script executed through a scheduled cron job on a management server that retained his administrative token after his HR separation. The attack erased more than 71 terabytes of data, causing an estimated $12 million in remediation costs and disrupting real‑time reporting for over 200,000 federal employees. The FBI’s Cyber Division traced the malicious activity to Collins’ home IP address after correlating log entries from the central SIEM platform with his personal VPN usage.

The U.S. Attorney’s Office for the Eastern District of Virginia filed charges under 18 U.S.C. §§ 1030(a)(5) and 1362, which carry a maximum penalty of 20 years imprisonment and $250,000 in fines for each count. In a statement, U.S. Attorney John G. McCabe emphasized that the case highlights the “ongoing risk posed by insider threats within the federal contractor supply chain.” The Department of Justice also noted that Collins’ continued access after termination underscored a failure in privileged identity management (PIM) practices, prompting a forthcoming inter‑agency advisory on mandatory revocation of credentials within 24 hours of employee separation.

The conviction has renewed calls for stronger security controls across the contractor ecosystem. Security experts recommend implementing real‑time monitoring of account activity, enforcing multi‑factor authentication for all administrative functions, and adopting automated de‑provisioning workflows that immediately revoke access upon termination. As the case moves toward sentencing, federal agencies are expected to incorporate lessons learned into their vendor‑risk‑management frameworks, aiming to mitigate similar insider‑driven incidents in the future.
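The gap described above (an administrative token and a scheduled cron job that outlived an HR separation) can be checked for by reconciling the HR feed against the credential inventory and the system crontab. The following is an added example, not code from the case or from the article's source; the data layout, user names and credential IDs are constructed assumptions, and the 24-hour window is the one named in the advisory.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
REVOCATION_WINDOW = timedelta(hours=24)  # window named in the advisory above
# Constructed sample data; every name and ID below is hypothetical.
SEPARATIONS = {  # HR feed: user -> separation time
    "jdoe": datetime(2024, 3, 1, 17, 0, tzinfo=UTC),
    "asmith": datetime(2024, 3, 4, 9, 0, tzinfo=UTC),
}
CREDENTIALS = [  # (owner, credential id, revoked_at or None if still active)
    ("jdoe", "admin-token-001", None),
    ("jdoe", "vpn-cert-014", datetime(2024, 3, 1, 18, 30, tzinfo=UTC)),
    ("asmith", "admin-token-002", datetime(2024, 3, 6, 9, 0, tzinfo=UTC)),
    ("bwong", "admin-token-003", None),
]
CRONTAB_LINES = [  # system crontab format: schedule, user, command
    "# nightly maintenance",
    "0 2 * * * jdoe /opt/dba/cleanup.sh",
    "30 1 * * * bwong /opt/dba/backup.sh",
    "@daily asmith /opt/dba/report.sh",
]

def cron_owner(line):
    """Return the user field of a system crontab entry, or None."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    if fields[0].startswith("@"):          # @daily user command
        return fields[1] if len(fields) >= 3 else None
    return fields[5] if len(fields) >= 7 else None  # m h dom mon dow user cmd

def audit(now):
    """List (finding, user, detail) for access that outlived a separation."""
    findings = []
    for owner, cred_id, revoked_at in CREDENTIALS:
        if owner not in SEPARATIONS:
            continue                        # still employed
        deadline = SEPARATIONS[owner] + REVOCATION_WINDOW
        if revoked_at is None and now > deadline:
            findings.append(("unrevoked", owner, cred_id))
        elif revoked_at is not None and revoked_at > deadline:
            findings.append(("late_revocation", owner, cred_id))
    for line in CRONTAB_LINES:
        owner = cron_owner(line)
        if owner in SEPARATIONS:            # job still scheduled after exit
            findings.append(("orphaned_cron", owner, line))
    return findings

print(*audit(datetime(2024, 3, 7, tzinfo=UTC)), sep="\n")
```

Scheduled jobs are flagged regardless of the 24-hour window, because a job owned by a separated user keeps running with whatever access the host still grants it.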

Source: BleepingComputer
