British hacker 'IntelBroker' charged in US over spree of company breaches

The U.S. has charged a British national known online as “IntelBroker” with hacking dozens of companies around the world, stealing and selling sensitive data, and causing over $25 million in damages, the Justice Department said Wednesday.

Kai West, 25, was arrested in France in February and is currently awaiting extradition to the U.S., where he could face up to 20 years in prison if convicted. The Justice Department said West and his co-conspirators tried to sell stolen data for more than $2 million on illicit forums.

According to a newly unsealed indictment, West infiltrated networks of a U.S.-based telecom firm, a healthcare provider, an internet service provider and more than 40 other victims. He allegedly accessed and sold troves of sensitive information, including customer data, corporate marketing materials and patient health records. In one case, he is accused of offering the healthcare data of thousands of patients, including Social Security numbers and health plan details.

West allegedly sold the stolen data under the moniker “IntelBroker” on a popular hacking forum, believed to be BreachForums — a marketplace for leaked databases and hacking tools. Earlier this week, French media reported the arrest of several suspected BreachForums administrators, known online as ShinyHunters, Hollow, Noct, and Depressed.

Authorities said they connected West to IntelBroker through a controlled purchase of stolen data. They traced the cryptocurrency payment to a Coinbase account registered under West’s real identity. A search of his Gmail account revealed personal and financial records linking him to the online alias, and according to the indictment investigators also found that West used the same IP addresses to log into both his personal accounts and IntelBroker’s profiles.

BreachForums, a notorious hub for trading hacked data and cybercriminal tools, was first disrupted in 2023 following the arrest of its founder, Conor Fitzpatrick, in the U.S. Although the site was taken down again in May 2024, a group of users — including the newly arrested French suspects — reportedly attempted to revive it, continuing its operations under new infrastructure.

IntelBroker was one of the administrators and owners of the platform. Investigators say is linked to several high-profile breaches, including attacks on a Europol website meant for law enforcement experts, the organization that administers healthcare plans for members of the U.S. House of Representatives, and several U.S. state agencies.