Young hacker unauthorised access to AmeriCorps and VA Supreme Court systems and disseminate sensitive data

A young man from Tennessee pleaded guilty for unauthorised access to systems that should be especially protected: the United States Supreme Court electronic document-filing system and accounts belonging to AmeriCorps and the Department of Veterans Affairs (VA). The prosecution, presented by federal prosecutors, describes repeated intrusions over a period of months and the public disclosure of sensitive data through an Instagram account.

According to the judicial documents, the accused used stolen credentials to enter the electronic presentation system of the Supreme Court on at least a twenty occasions between August and October 2023, arriving several days to open a meeting with the same committed accounts. The Office of the Prosecutor details these accesses in the publicly available presentation to the court; the file is available in the online judicial documents repository. Here..

What makes the situation worse was not just the technical intrusion, but the display of the stolen information. The young man shared screenshots and data from the accounts committed to an Instagram account, publishing victim names and details of the Court's system. The Department of Justice provided a summary of the case and specifically noted these publications; its official communiqué is available on the website of the Department of Justice Here..

In addition to the Supreme Court, the investigation points to unauthorized access to AmeriCorps accounts and to the My HealtheVet personal health history portal of the Department of Veterans Affairs. In the case of AmeriCorps, the intruder accessed an account several times and downloaded personal information - name, date of birth, addresses, phone numbers, citizenship status, service history and even the last four digits of the Social Security number - which were then also disseminated on the same social media account. To contextualize, the AmeriCorps organization and its portals are available on its official website: Americorps.gov.

In the case of VA, the intruder used stolen credentials from a Marine Corps veteran to access the My HealtheVet portal on several occasions, obtaining private clinical information such as prescribed drugs and other intimate health data. The VA manages the country's largest integrated health care system; its official page is va.gov where the services and resources for veterans are explained.

Legally, the accused admitted his responsibility for a federal charge of computer fraud, which in this case appears as a minor offence with a maximum of one year & apos; s imprisonment and a fine of $100,000. The documents containing the formal confession are also archived in the public file available online. Here..

Beyond individual punishment, this episode raises questions about the protection of critical systems and the vulnerability of committed credentials. Many unauthorized access is not due to sophisticated intrusions to servers, but to the use of usernames and passwords that have been filtered or reused in different services. Public photography of leaks - social media display - adds additional damage because it exposes the name and privacy of the victims, complicates investigations and multiplies the risk of fraud or extortion.

For those affected by leaks or access to institutional accounts, the security authorities and experts recommend specific actions: immediately notify the institution concerned (e.g. AmeriCorps or VA), change passwords and activate the authentication of two factors when available, monitor the credit report and consider freezing it if there is evidence of fraudulent use, and submit complaints to the relevant authorities. General resources on identity theft and practical steps are available on pages such as the Federal Trade Commission: FTC - Identity theft.

From a broader perspective, the case underlines the need for public and private entities to strengthen prevention measures: continuous monitoring of access, strict credentials management policies, widespread use of multifactor authentication, early detection of anomalous behaviour and incident response programmes that include rapid notification to affected persons. The reputational and human cost of exhibitions like this goes beyond a criminal penalty: it erodes public confidence in key institutions and leaves citizens at real risk.

In a world where personal and judicial information is digital, the balance between accessibility and security remains fragile. Cases such as this should be a reminder: security is not only a technical problem, but also a matter of responsibility and organizational culture. For institutions and users, the lesson is clear: do not lower your guard and demand measures that protect not only systems, but people behind each account.