A newly filed court document reveals that a hacker breached multiple U.S. government systems and posted stolen personal data directly on Instagram. Federal prosecutors say Nicholas Moore, a 24-year-old from Springfield, Tennessee, accessed restricted systems belonging to the U.S. Supreme Court, AmeriCorps, and the Department of Veterans Affairs using stolen login credentials. He later published sensitive victim data on an Instagram account named @ihackthegovernment.
The filing confirms that Moore pleaded guilty to wire fraud, a misdemeanor that carries a maximum penalty of one year in prison and a fine of up to $100,000. The case highlights how credential theft continues to expose critical government systems despite modern security controls.
How the Hacker Breached Federal Systems
Court records show that Moore repeatedly logged into the Supreme Court’s electronic filing system between August and October 2023 using compromised credentials. Investigators say he accessed the system at least 25 times and sometimes logged in multiple times per day.
See also: Ingram Micro Ransomware Attack Exposes Data of 42,000 People
Moore also breached the network of AmeriCorps, a federal volunteer agency, and accessed systems belonging to the Department of Veterans Affairs. He used stolen usernames and passwords that belonged to legitimate users who had authorized access to those platforms.
Once inside, Moore accessed private user records, internal filings, and sensitive personal information.
What Data Was Exposed on Instagram
According to prosecutors, Moore posted real victim data publicly on Instagram.
- Supreme Court victim: Moore published the victim’s name and current and past electronic filing records.
- AmeriCorps victim: Moore shared full identity details including name, date of birth, home address, phone number, citizenship status, veteran status, service history, and partial Social Security number.
- Veterans Affairs victim: Moore leaked screenshots showing prescription medications and private health information taken from a veteran’s My HealtheVet account.
Moore also bragged about gaining access to government servers while publishing the stolen data online.
Court Filing Confirms Guilty Plea and Sentencing Limits
The Department of Justice confirmed that Moore pleaded guilty to one count of wire fraud in federal court. The plea agreement outlines a potential sentence of up to one year in prison, a fine of up to $100,000, supervised release, and mandatory financial penalties.
The agreement also notes that Moore has no prior criminal history and faces sentencing under federal guidelines.
See also: Google Quietly Tests Gemini Skills in Chrome to Turn Browsing Into Automated Tasks
This case highlights a growing risk pattern across public-sector systems: attackers often bypass advanced defenses by exploiting stolen credentials rather than breaking encryption or infrastructure.
The breach shows how a single compromised login can expose:
- Government filing systems
- Personal identity data
- Healthcare records
- Internal agency networks
Security teams continue to stress multi-factor authentication enforcement, credential monitoring, and faster breach detection to prevent similar attacks.
What Users Should Do Next
Government employees and contractors should immediately review account security, reset passwords, and enable multi-factor authentication wherever possible. Organizations should audit access logs, monitor unusual login activity, and tighten credential reuse policies.
If agencies detect suspicious access patterns, they should isolate affected accounts quickly and notify impacted users without delay.
At fdaytalk, we will continue tracking this case and publish updates as new court documents emerge.
