A British national accused of orchestrating a series of high-profile cyber intrusions, including attacks affecting the insurance and healthcare sectors, is facing extradition to the United States following his arrest in France earlier this year.
Kai West, 25, who is alleged to be the hacker known online as “IntelBroker”, has been indicted in the Southern District of New York on four counts, including conspiracy to commit wire fraud and unauthorised access to protected computer systems. The charges carry a maximum sentence of 20 years per count for the most serious offences.
Prosecutors in Manhattan allege that West, operating under pseudonyms including “Kyle Northern”, stole and sold corporate and personal data belonging to organisations across the telecommunications, technology, and healthcare sectors—causing losses of over $25 million.
West was arrested by French authorities in February and remains in pre-trial detention. His case forms part of a broader international investigation into cybercrime forum BreachForums, a now-defunct marketplace notorious for trafficking stolen data. Four additional individuals believed to be administrators of the site were also detained in France this week, including alleged members of the hacking collective ShinyHunters.
IntelBroker first drew significant attention in early 2023 when he claimed responsibility for the breach of a health insurance marketplace serving U.S. lawmakers and Washington D.C. residents. That incident, among others, triggered widespread concern in the insurance and legal industries over data security and risk exposure.
Since then, authorities allege, West engaged in a spate of attacks targeting companies including Hewlett Packard Enterprise, AMD, Cisco, and multiple U.S. government contractors. He also claimed to have accessed data linked to defence projects and telecoms infrastructure.
The stolen material was allegedly offered for sale online and, in some cases, posted free of charge to increase IntelBroker’s influence on cybercrime forums. According to court documents, between 2023 and 2025 West published around 150 forum threads promoting stolen data, including information from at least 41 U.S.-based companies.
While West appeared to boast of his anonymity—at times claiming to be located in Eastern Europe or communicating in Russian—prosecutors say operational mistakes eventually led to his identification.
According to the indictment, West accepted a $250 Bitcoin payment from an undercover officer in exchange for stolen data. That transaction was traced to a cryptocurrency exchange account registered under his real name and supported by a driver’s licence. Investigators found the same email address was used to access a virtual private network and a social media account attributed to IntelBroker.
Technical evidence reportedly linked his known IP addresses to those used in the intrusions, and further overlap was discovered through YouTube history data showing West viewing videos about IntelBroker's exploits—some of which were later shared on BreachForums.
The case has sharpened focus on cybersecurity resilience within the insurance and legal aid sectors, where breaches can expose highly sensitive data and undermine client trust. IntelBroker’s 2023 attack on the insurance exchange used by U.S. lawmakers was one of the most visible intrusions to hit a regulated sector in recent years.
His methods—often relying on vulnerabilities in third-party providers and social engineering techniques—have reignited calls for insurers to strengthen their scrutiny of downstream vendor relationships, especially in light of growing regulatory demands around cyber hygiene and operational resilience.
While the indictment stops short of naming affected insurers, market analysts note that West's activity reflects a broader shift in the threat landscape, where cybercriminals increasingly blend espionage, extortion, and status-building in a fragmented and resurgent dark web ecosystem.
West is currently detained in France, pending the outcome of U.S. extradition proceedings. Prosecutors have also signalled that further arrests are expected, with at least one unnamed co-conspirator likely to face charges in New York.
The revival of BreachForums—after being shuttered once before—suggests that enforcement challenges persist, even amid high-profile arrests. French officials confirmed this week that the forum remains active, albeit under new administration, raising concerns about the cyclical nature of cybercrime infrastructure.
The U.S. Department of Justice has not yet set a trial date, but industry observers expect West’s prosecution to become a test case in cross-border cyber enforcement and an important benchmark for insurers gauging their own cyber liability exposure.
How do you see the cross-border challenges facing cyber stakeholders? Please tell us below.
