Scopeora News & Life

© 2026 Scopeora News & Life

Whistleblower Alleges IBM Concealed Cyber Breaches by Foreign Actors

A whistleblower's lawsuit against IBM reveals alleged cover-ups of significant cyber breaches, highlighting ongoing challenges in corporate cybersecurity transparency and practices.

Whistleblower Alleges IBM Concealed Cyber Breaches by Foreign Actors

A former executive in IBM's cybersecurity division has made serious allegations against the tech giant, claiming it concealed multiple cyberattacks over the past decade. William Barlow, who served as IBM's vice president of threat intelligence until August 2019, filed a lawsuit that was unsealed recently. In this suit, he asserts that Chinese hackers infiltrated IBM's core network between 2013 and 2016, and that the company failed to disclose these breaches.

Barlow's complaint details that IBM's network was frequently compromised by foreign state actors, with sensitive data stolen without notification to government authorities. This is particularly concerning given IBM's role as a key cybersecurity provider for the U.S. federal government. The lack of transparency surrounding such breaches highlights ongoing challenges in cybersecurity, even for major corporations.

According to Barlow, the breaches were part of a larger hacking campaign attributed to APT 10, a group linked to the Chinese government. The FBI has previously indicated that this group targeted significant entities across the global economy. Barlow's allegations suggest that IBM was warned of potential breaches by intelligence officials from the Five Eyes alliance--comprising Australia, Canada, New Zealand, the U.S., and the U.K.--in March 2017, prompting an internal investigation.

The investigation reportedly found that APT 10 had compromised IBM's network over 56,000 times during the specified period. Alarmingly, IBM's internal records were insufficient to track access to its network, which is considered a fundamental security practice. Despite these findings, the company allegedly did not alert the appropriate authorities, including the U.S. government, a primary customer.

Barlow's complaint asserts that IBM's outdated infrastructure allowed hackers to navigate the system undetected. An internal report indicated that the attackers accessed nearly 400 accounts and around 200 systems across various IBM divisions worldwide.

Jason Brown, Barlow's attorney, expressed determination to pursue the case vigorously, emphasizing the contradiction of selling cybersecurity solutions while allegedly struggling with internal security issues. Barlow also noted that breaches affected Trusteer and Truven, two cybersecurity and healthcare data startups acquired by IBM, further indicating a pattern of inadequate response to security threats.

As cybersecurity threats continue to evolve, the implications of this case could lead to significant changes in how companies approach data protection and transparency. The outcome may encourage stricter regulations and practices, ultimately enhancing the security landscape for all stakeholders involved.


Similar News