Article Details

FBI used bitcoin wallet records to peg notorious IntelBroker as UK national. Pro tip: Don't use your personal email account on BreachForums. The notorious data thief known as IntelBroker allegedly broke into computer systems belonging to more than 40 victims worldwide and stole their data, costing them at least $25 million in damages, according to newly unsealed court documents that also name IntelBroker as 25-year-old British national Kai West. A criminal indictment [PDF] unsealed on Wednesday charges West, aka Kyle Northern, with four counts related to breaking into companies' computer systems, following a years-long scheme that allegedly started in December 2022 and continued until West was arrested in France in February 2025. These crimes, according to the court documents, include stealing and then deleting data from a victim on January 6, 2023, which caused at least $5,000 in damage.  That same day, West, using the IntelBroker username, allegedly offered the stolen files for sale. Then in March 2023, West and his co-conspirators stole patient data, including healthcare information, from a medical services provider, thus causing "the modification and impairment" of patient care, the filing says. Some of the high-profile victims linked to IntelBroker in the past reportedly include Nokia, HPE, Europol, Home Depot, AMD, Apple, and the US Army. After breaking into these and other businesses' computer systems and stealing their data, IntelBroker and his gang typically put this sensitive information up for sale on BreachForums, a popular cybercrime recruitment site and stolen data souk. West is also believed to be a BreachForums administrator, and on Monday, police in Paris arrested four other site admins with the handles Hollow, Noct, Depressed, and ShinyHunters.  In a criminal complaint [PDF] also unsealed on Wednesday, the FBI revealed how it traced the IntelBroker handle to West, explaining that undercover agents purchased a stolen API key that granted illicit access to one victim's website, and traced the bitcoin wallet's address back to him. The FBI connected this wallet to an earlier Ramp account registered using a UK driver's license in the name "Kai Logan West." That driver's license was also associated with a Coinbase account, registered by West but under his "Kyle Northern" alias. Both the Ramp and Coinbase accounts used West's personal email address, the FBI says. West also used this personal email address to watch YouTube videos multiple times, and then "IntelBroker" posted these videos to BreachForums, identified by the court documents as "Forum-1" in the court documents. He also, according to court documents, used this email address to watch several videos about IntelBroker and IntelBroker's victims. The US is seeking West's extradition, and two of the charges against him carry a 20-year maximum sentence.