Cyber Incident Victim: AmeriCorps
Date:
Jan 2023
Location:
United States of America
Summary
A Tennessee man pleaded guilty to hacking the U.S. Supreme Court's filing system using stolen credentials, illegally accessing personal records on over two dozen occasions and subsequently posting compromised information on a public Instagram account. The same individual also breached AmeriCorps' computer servers and a Department of Veterans Affairs platform, exfiltrating and disclosing users' personal data through the same social media channel. He admitted to one misdemeanor count of computer fraud related to these unauthorized intrusions, facing a maximum sentence of one year in prison.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 0 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In January 2026, Nicholas Moore, a 24-year-old from Springfield, Tennessee, pleaded guilty in U.S. District Court in Washington, D.C., to multiple computer intrusions targeting federal systems. Court records revealed that Moore conducted unauthorized access to three government entities: the U.S. Supreme Court’s filing system, AmeriCorps’ computer servers, and the Department of Veterans Affairs’ “MyHealtheVet” platform. These intrusions occurred in 2023, with Moore specifically hacking the Supreme Court’s system on 25 separate days. He utilized stolen credentials to breach these systems, accessing personal records belonging to the legitimate account holders whose credentials he compromised. After obtaining the information, Moore publicly disclosed victim data through an Instagram account under the handle “@ihackedthegovernment,” where he posted screenshots of the compromised records. The Supreme Court intrusion involved accessing personal records of the credential holder, while the AmeriCorps and VA breaches similarly involved extracting users’ personal information, including data from a U.S. Marine Corps veteran’s health account.
U.S. Attorney Jeanine Pirro’s office formally charged Moore the week preceding his January 2026 guilty plea, culminating in his admission to one misdemeanor count of computer fraud under federal law. The charge carries a maximum penalty of one year in prison, with sentencing scheduled for April 17, 2026, before U.S. District Judge Beryl Howell. No evidence suggested broader systemic compromises beyond the credential-based intrusions Moore admitted to executing. The incidents resulted in confirmed unauthorized access to and public exposure of personally identifiable information from at least three victims across the targeted systems. Court filings did not disclose whether restitution or additional penalties were being sought beyond the statutory sentencing guidelines for the misdemeanor conviction. Prosecutors documented the operational pattern of using stolen credentials for access followed by social media disclosure as central to Moore’s criminal conduct.