IBM Whistleblower Alleges Cover-Up of Foreign Cyber Breaches
Severity: High (Score: 74.0)
Sources: Techcrunch, www.fbi.gov, Techbuzz.Ai, Heise.De, Indexbox
Keywords: foreign, whistleblower, covering, cyberattacks, repeatedly, business, government
Severity indicators: rat, government, cyberattack
Summary
A former IBM cybersecurity executive, William Barlow, has filed a lawsuit alleging that IBM covered up multiple data breaches by foreign state actors, particularly Chinese hackers, from 2013 to 2016. The breaches reportedly affected IBM's core network and at least two subsidiaries, with Barlow claiming that IBM failed to notify the U.S. government and other stakeholders as required by law. The lawsuit, filed in 2020 but only recently made public, indicates that IBM's internal investigations revealed over 56,000 unauthorized accesses by the APT 10 group. Barlow asserts that the company downplayed these incidents to secure government contracts. IBM has not provided specific responses to the allegations, citing the lawsuit's age and the lack of DOJ intervention. The implications of these allegations are significant given IBM's role as a cybersecurity vendor for the U.S. federal government.
Key Points:
- IBM is accused of covering up multiple data breaches by foreign state actors from 2013 to 2016.
- The lawsuit claims over 56,000 unauthorized accesses by the APT 10 hacking group.
- IBM allegedly failed to notify the U.S. government and stakeholders about the breaches.
Detailed Analysis
**Impact** Multiple data breaches affected IBM’s core network and at least two subsidiaries between 2013 and 2018, impacting nearly 400 user accounts and 200 systems across 18 countries. Sectors affected include government agencies, financial institutions, healthcare, and critical infrastructure, with U.S. Navy personnel data among those compromised. The breaches potentially exposed sensitive enterprise and government data, undermining trust in IBM’s cybersecurity posture and risking regulatory and legal consequences. The concealment of these incidents may have prevented affected clients from mitigating downstream impacts.
**Technical Details** The attacks were primarily conducted by the Chinese state-sponsored APT 10 group, leveraging repeated unauthorized access to IBM and subsidiary networks from 2013 to 2016. Attackers exploited archaic core network infrastructure and insufficient logging practices, enabling undetected lateral movement and data exfiltration. The breach involved over 56,000 intrusion attempts, compromising cloud infrastructure operated jointly with AT&T. No specific malware or CVEs were detailed in the sources.
**Recommended Response** Organizations should audit and enhance logging and monitoring capabilities to detect unauthorized access and lateral movement, especially in legacy network environments. Review and tighten access controls on critical systems and cloud infrastructure, particularly those shared with third-party providers. Monitor for indicators of compromise related to APT 10 activity, including unusual account access patterns and network traffic anomalies. IBM and affected clients should cooperate with regulatory bodies to assess breach impact and improve disclosure compliance.
Source articles (6)
- IBM, AT&T Accused By Whistleblower of Covering Up Foreign Hacks — Bloomberg · 2026-06-04
  International Business Machines Corp. and AT&T Inc.’s computer systems were repeatedly breached by foreign hackers, and the companies concealed those intrusions from the US government in violation of…
- Whistleblower accuses IBM and AT&T of covering up foreign cyberattacks — Heise.De · 2026-06-05
  US corporations IBM and AT&T are repeatedly exposed to cyberattacks from abroad. Because they do business with the US government, they are obligated to report breaches and data exfiltration. According…
- Former cyber executive turned whistleblower accuses IBM of covering up several data breaches — Techcrunch · 2026-06-05
  A former IBM cybersecurity executive accused the company of getting hacked three times in the decade by foreign governments and then covering up the breaches. In a lawsuit unsealed this week but filed…
- Apt 10 Group — www.fbi.gov · 2026-06-05
  Conspiracy to Commit Computer Intrusions; Conspiracy to Commit Wire Fraud; Aggravated Identity Theft. On December 17, 2018, a grand jury in the United States District Court fo…
- IBM Lawsuit: Former Executive Claims Company Concealed Chinese Hacks Over a Decade - News and Statistics — Indexbox · 2026-06-05
  A former cybersecurity executive at IBM has accused the company of experiencing three cyberattacks by foreign governments over the past decade and subsequently concealing those incidents, according to…
- IBM Whistleblower Alleges Decade-Old Breach Cover-Up — Techbuzz.Ai · 2026-06-05
  A former cybersecurity executive has filed an explosive lawsuit accusing IBM of covering up multiple data breaches that occurred across the company and two subsidiaries during the mid-2010s. The whist…
Timeline
- 2013-01-01 — First breach by APT 10 group: IBM's core network reportedly hacked by Chinese state actors, leading to multiple data breaches.
- 2016-01-01 — Last identified breach by APT 10 group: Internal investigations revealed over 56,000 unauthorized accesses to IBM's systems by APT 10.
- 2020-01-01 — Lawsuit filed by William Barlow: Barlow files a lawsuit against IBM alleging cover-up of significant cyber breaches.
- 2026-06-05 — Lawsuit details made public: The lawsuit becomes public, revealing serious allegations against IBM regarding breach concealment.
Related entities
- Apt10 (Apt Group)
- APT 10 (Apt Group)
- APT 10 Group (Apt Group)
- Data Breach (Attack Type)
- AT&T (Company)
- Huaying Haitai Science And Technology Development Company (Company)
- IBM (Company)
- Tianjin State Security Bureau (Company)
- Trusteer (Company)
- Truven (Company)
- United States Department Of The Navy (Company)
- Australia (Country)
- Brazil (Country)
- Canada (Country)
- China (Country)
- Finland (Country)
- France (Country)
- Germany (Country)
- India (Country)
- Japan (Country)
- New Zealand (Country)
- Sweden (Country)
- Switzerland (Country)
- United Arab Emirates (Country)
- United Kingdom (Country)
- United States (Country)
- german.it (Domain)
- Financial (Industry)
- Government (Industry)
- Healthcare (Industry)
- Manufacturing (Industry)
- Technology (Industry)
- T1041 - Exfiltration Over C2 Channel (Mitre Attack)
- T1078 - Valid Accounts (Mitre Attack)
- T1567 - Exfiltration Over Web Service (Mitre Attack)