Canadian hacker arrested for allegedly stealing data from Texas Republican Party

Avatar

A Canadian man is facing charges in the U.S. for allegedly hacking into systems used by the Texas Republican Party and stealing sensitive information. 

Aubrey Cottle, 37, was arrested last Wednesday in Canada, where he is also facing charges.

The Justice Department unsealed a September 2024 complaint and arrest warrant accusing Cottle of gaining access to the systems of Epik, a third-party hosting company for the websites for the Texas Republican Party and the Texas Right to Life anti-abortion group. 

According to prosecutors, Cottle breached Epik “to deface and download a backup of Texas Republican Party’s web server, which contained personal identifying information.”

Cottle then allegedly shared the stolen data online and allowed anyone to download it before publicly taking credit for the attack on social media. Police searches of his devices allegedly turned up data stolen from the Texas Republican Party.

The criminal complaint, filed in the Western District of Texas, charges Cottle with “unlawfully transferring, possessing, or using a means of identification” in furtherance of a crime.  He is facing a maximum sentence of five years in prison if convicted. 

The complaint includes photos of Cottle taking credit for the attack in chats on Discord and in a TikTok post where he also claimed to be behind the leak. The raid on Cottle’s home in Ontario uncovered 20 terabytes of stolen data, prosecutors said.

Known online as “Kirtaner,” Cottle is a famed hacker and key member of the Anonymous hacker collective. He has a large social media following and has appeared in multiple documentaries about Anonymous and other facets of his work. 

Cottle’s home was raided in 2022 by Canadian police after he boasted of several hacks targeting conservative organizations like the crowdfunding site GiveSendGo and the Freedom Convoy 2022 campaign. In an interview with CyberScoop that year, he confirmed that Canadian officials were working with the FBI to investigate him. 

In 2021, the Anonymous group took credit for attacking Epik, which the company eventually confirmed. 

Hackers defaced the Texas GOP website and created a now-defunct website hosting decades of information stolen from Epik, arguing they took the action in response to Texas’ newly-instituted abortion law. 

In 2022, CNN reported that Cottle showed up to an online press conference about the breach held by Epik CEO Rob Monster, who acknowledged Cottle’s presence in the chat and asked him if he was behind the incident. 

“I would never, ever, ever, ever admit to a federal crime in a space like this,” Cottle reportedly said. Monster told CNN that he believed Cottle was behind the attack on Epik. 

NewsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

CISO Perth 2025

Next Post

Russia tightens cybersecurity measures as financial fraud hits record high

Related Posts

The Unusual Suspect: Git Repos

While phishing and ransomware dominate headlines, another critical risk quietly persists across most enterprises: exposed Git repositories leaking sensitive data. A risk that silently creates shadow access into core systems Git is the backbone of modern software development, hosting millions of repositories and serving thousands of organizations worldwide. Yet, amid the daily hustle of shipping
Avatar
Read More

Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization

Threat hunters have exposed the tactics of a China-aligned threat actor called UnsolicitedBooker that targeted an unnamed international organization in Saudi Arabia with a previously undocumented backdoor dubbed MarsSnake. ESET, which first discovered the hacking group's intrusions targeting the entity in March 2023 and again a year later, said the activity leverages spear-phishing emails using
Avatar
Read More

Your SaaS Data Isn’t Safe: Why Traditional DLP Solutions Fail in the Browser Era

Traditional data leakage prevention (DLP) tools aren't keeping pace with the realities of how modern businesses use SaaS applications. Companies today rely heavily on SaaS platforms like Google Workspace, Salesforce, Slack, and generative AI tools, significantly altering the way sensitive information is handled. In these environments, data rarely appears as traditional files or crosses networks
Avatar
Read More