Whistleblower sues IBM over alleged hidden breach history

A former IBM threat intelligence executive, William Barlow, filed a lawsuit unsealed this week claiming IBM’s core network was hacked by Chinese government-linked attackers multiple times—and that the company covered it up instead of disclosing the incidents t
For William Barlow, the central issue isn’t just that IBM’s networks were breached. It’s that the company allegedly treated the intrusions like a private matter—something to manage quietly, not something to report.
Barlow, a former IBM cybersecurity vice president of threat intelligence until August 2019, is accusing IBM of getting hacked three times over the previous decade by foreign governments and then covering up the resulting breaches. The lawsuit, unsealed this week but filed in 2020, says IBM concluded Chinese hackers breached its core network between 2013 and 2016 and then failed to disclose what happened.
In the complaint, Barlow says IBM concluded Chinese hackers breached its core network between 2013 and 2016, but that IBM covered up the breaches and never disclosed them. He also alleges that at least two IBM subsidiaries were breached and that IBM covered up those incidents as well.
Barlow’s allegations go further than a single intrusion. He wrote that IBM’s core network was “routinely hacked by foreign state actors and others,” adding that data was frequently stolen and that government agencies were “never notified.”
The lawsuit’s timeline stretches back more than ten years, but the immediate tension lands here: even when attacks hit major public tech companies, they may not be disclosed—either to the public or to the authorities that oversee national and economic security. IBM is a major cybersecurity vendor to the U.S. federal government, and that connection makes the alleged concealment especially consequential.
IBM disputes the accusation in substance. A spokesperson, Miki Carver, declined to answer specific questions about the lawsuit and the underlying claims. Instead, Carver said, “This complaint was filed six years ago, and the U.S. Department of Justice declined to intervene. IBM is confident that our actions followed the letter of the law.”
The complaint focuses on a hacking campaign attributed to APT 10, a Chinese government-linked group tied by the FBI to targeting a “Who’s Who” of the global economy when its members were indicted in 2018. Barlow alleges IBM was among the victims of that campaign, and he says the hackers broke into the company’s network and the data it maintained there in partnership with AT&T.
In March 2017, the complaint says, intelligence officials from Australia, Canada, New Zealand, the United States, and the United Kingdom—known collectively as the Five Eyes alliance—warned IBM about the breach. That warning, Barlow alleges, prompted an internal investigation.
The results described in the complaint are stark. It alleges the investigation concluded APT 10 potentially breached IBM’s network more than 56,000 times between 2013 and 2016. It also says IBM stated it could not investigate further because it had not kept logs of who accessed its network and when, a basic security practice.
From there, the complaint alleges the company didn’t alert authorities—or the U.S. government, one of its main customers. The argument is not limited to what was discovered, but to what was not done after the discoveries.
An internal IBM report described in the complaint says the compromised environment left room for intruders to move. “As IBM and AT&T’s Core Networks’ infrastructure is archaic, hackers have been able to gain access to the system on numerous occasions and can roam almost anywhere undetected,” the complaint says it read. The same complaint states the internal investigation concluded four servers were compromised.
The complaint also describes the scale of access attributed to the campaign: it says the attackers compromised and/or accessed nearly 400 compromised accounts and almost 200 total systems and servers across every IBM business unit, eighteen countries, and multiple IBM products.
Barlow’s attorney, Jason Brown, told TechCrunch that his firm is “looking forward to aggressively litigating the matter.” Brown added, “You can’t sell cybersecurity to the federal government while allegedly having these security problems within your own company.”
Beyond IBM’s core network, the complaint points to additional breaches Barlow says he was aware of. He alleges Trusteer, a cybersecurity startup acquired by IBM in 2013, was breached in 2018. He also alleges Truven, a healthcare data startup IBM acquired in 2016, was breached multiple times after the acquisition. In both cases, Barlow accuses IBM of failing to properly investigate and disclose the breaches.
Taken together, the lawsuit paints a picture of warnings, investigation, and then restraint—restraint that Barlow says extended to government notification and disclosure. IBM says it followed the letter of the law. The case now moves into the kind of scrutiny that, for years, many victims of cyberattacks never got—because disclosure, in Barlow’s telling, never happened.