Former cyber executive turned whistleblower accuses IBM of covering up several data breaches
A former IBM cybersecurity executive, William Barlow, filed a lawsuit accusing the company of covering up multiple data breaches between 2013 and 2016, including attacks by a Chinese government-linked group (APT 10) that allegedly compromised IBM’s core network over 56,000 times without disclosure. Barlow claims IBM failed to notify authorities, including U.S. government agencies, despite warnings from the Five Eyes alliance and internal investigations confirming widespread access to sensitive systems across 18 countries.
William Barlow, IBM’s former vice president of threat intelligence, filed a lawsuit in 2020 alleging the company concealed multiple cybersecurity breaches between 2013 and 2016. Barlow claims IBM’s core network was repeatedly hacked by APT 10, a group linked to the Chinese government, with over 56,000 unauthorized access attempts detected during an internal investigation. Despite warnings from the Five Eyes alliance—Australia, Canada, New Zealand, the U.S., and the U.K.—IBM allegedly failed to notify government authorities or the public about the breaches. The complaint states IBM’s internal investigation found four compromised servers and nearly 400 hacked accounts across 18 countries, affecting multiple IBM business units and products. Barlow alleges the company lacked proper network logs, preventing a thorough investigation. IBM also allegedly failed to disclose breaches involving Trusteer, a cybersecurity startup acquired by IBM in 2013. The lawsuit highlights a broader issue: major tech companies like IBM, which sells cybersecurity services to the U.S. federal government, may withhold breach disclosures. Recent laws have been introduced to address this, requiring companies to report data breaches more transparently. IBM spokesperson Miki Carver declined to comment on specifics, stating the complaint was filed six years ago and the U.S. Department of Justice declined intervention. Barlow’s legal team, represented by Jason Brown, argues IBM’s alleged security failures undermine its credibility as a cybersecurity vendor. Brown emphasized the contradiction between IBM’s public security claims and Barlow’s allegations of internal vulnerabilities. The case remains unresolved, with Barlow’s lawyers stating they plan to litigate aggressively. The breach allegations tie to a 2018 FBI indictment of APT 10, which targeted global economic leaders. Barlow’s claims suggest IBM’s systems were among the group’s victims, raising concerns about the company’s ability to protect sensitive data. The lawsuit underscores ongoing risks in cybersecurity, particularly for firms handling government contracts.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.