A 25-year-old British national named Kai West, believed to be the notorious hacker IntelBroker, has been arrested and charged.
The US Justice Department unsealed charges against West on Wednesday, saying that he was arrested in February 2025 in France. The United States wants to have him extradited to face charges of conspiracy to commit computer intrusions, conspiracy to commit wire fraud, accessing a protected computer to obtain information, and wire fraud.
French authorities, which said West was placed in pre-trial detention, thanked the United States for assistance in identifying him and other suspected hackers.
West, who according to US authorities also used the alias Kyle Northern, faces up to 20 years in prison for each of the wire fraud charges, and up to five years for the hacking charges.
IntelBroker is best known for leaking and offering to sell data stolen from the systems of major organizations. The hacker targeted companies such as HPE, Cisco, Nokia, Ford, AMD, and Zscaler, and even Europol, although in several cases his claims turned out to be exaggerated.
The Justice Department said he had targeted more than 40 companies for data theft between 2023 and 2025, including a telecom company, a healthcare provider and an ISP, from which he stole personal and other sensitive information.
IntelBroker offered to sell the stolen files for more than $2 million, causing damages exceeding $25 million.
An analysis of IntelBroker’s posts on a cybercrime forum — the forum has not been named in the indictment but it’s likely the notorious BreachForums — showed that of the roughly 150 threads offering stolen data for sale or for free, at least 41 pertained to companies based in the United States.
Investigators linked the IntelBroker moniker to the British national after he sold some of the stolen data to undercover law enforcement officers.
The indictment reveals that while IntelBroker seemed highly confident in his ability to evade law enforcement — at times suggesting that he was from Russia or Eastern Europe — he made some significant OPSEC mistakes.
Investigators managed to link the cryptocurrency addresses to which undercover officers made payments to online accounts registered by West, including accounts registered under Kyle Northern and his personal email accounts.
Investigators also tied West to IntelBroker based on the same IPs being used on multiple occasions by both West and IntelBroker. In addition, YouTube videos known to have been watched by West (based on his IP) were shortly after posted by IntelBroker on BreachForums.
IntelBroker is also believed to have acted as an administrator of BreachForums, and French authorities have targeted other alleged admins of the cybercrime forum as well.
French media reported on Wednesday that several members of the notorious hacking group named ShinyHunters, some of which were also involved in the administration of BreachForums, had been arrested in the country. The list of suspects includes ones known online as ShinyHunters, Hollow, Noct and Depressed.
Related: Interpol Targets Infostealers: 20,000 IPs Taken Down, 32 Arrested, 216,000 Victims Notified
Related: Suspected DoppelPaymer Ransomware Group Member Arrested
