Back

Whistleblower Alleges IBM and AT&T Concealed Foreign Cyberattacks

Severity: High (Score: 74.0)

Sources: Bloomberg, Heise.De

Published: 2026-06-05 · Updated: 2026-06-05

Keywords: foreign, whistleblower, covering, cyberattacks, repeatedly, business, government

Severity indicators: rat, government, cyberattack

Summary

A lawsuit filed by William Barlow, a former IBM cybersecurity executive, claims that IBM and AT&T concealed multiple foreign cyberattacks from the US government. The attacks, attributed to state-sponsored hackers, targeted IBM's cloud infrastructure, which is used by US government agencies, including military personnel. Barlow alleges that the companies failed to report breaches and made false assurances about their security to retain government contracts. Specific incidents cited include a 2018 breach by the APT10 group from China, which compromised data of 100,000 US Navy personnel. The lawsuit, filed in 2020, has only recently come to public attention after the government opted not to intervene. Barlow claims that IBM's internal investigations revealed thousands of potential breaches and that executives pressured him to downplay the severity of these incidents. The case is still pending in a New York federal court. Key Points: • IBM and AT&T are accused of covering up foreign cyberattacks to secure government contracts. • The lawsuit cites a 2018 breach by China's APT10 group affecting 100,000 US Navy personnel. • William Barlow claims he was pressured to conceal details of cyber incidents during his tenure.

Detailed Analysis

**Impact** US government entities, including the military, are affected due to the use of IBM’s cloud infrastructure and AT&T’s networking services. The breach involved data from approximately 100,000 US Navy personnel and compromised nearly 400 user accounts and 200 systems across 18 countries. The scope includes sensitive government and corporate data, with potential exfiltration and unauthorized access impacting national security and federal contract integrity. **Technical Details** Attackers linked to the Chinese APT10 group exploited vulnerabilities in IBM’s cloud infrastructure and AT&T’s network, with over 50,000 potential hits identified between 2013 and 2016. The companies lacked comprehensive access logs, hindering incident investigation and attribution. The attack chain involved persistent unauthorized access and data exfiltration, but specific malware, CVEs, or tools used were not detailed in the articles. **Recommended Response** Organizations using IBM cloud and AT&T networking should enhance monitoring for unusual access patterns and implement strict logging to enable incident investigation. Federal clients should verify compliance with breach reporting requirements and conduct independent security audits of these infrastructures. Increased scrutiny of APT10-related indicators and network segmentation should be prioritized to limit lateral movement. No specific patches or IOCs were provided in the sources.

Source articles (2)

  • IBM, AT&T Accused By Whistleblower of Covering Up Foreign Hacks — Bloomberg · 2026-06-04
    International Business Machines Corp. and AT&T Inc. ’s computer systems were repeatedly breached by foreign hackers, and the companies concealed those intrusions from the US government in violation of…
  • Whistleblower accuses IBM and AT&T of covering up foreign cyberattacks — Heise.De · 2026-06-05
    US corporations IBM and AT&T are repeatedly exposed to cyberattacks from abroad. Because they do business with the US government, they are obligated to report breaches and data exfiltration. According…

Timeline

  • 2018-01-01 — APT10 group breaches IBM: Chinese state-sponsored hackers reportedly stole data from 100,000 US Navy personnel, according to the lawsuit.
  • 2020-01-01 — Lawsuit filed against IBM and AT&T: William Barlow filed a lawsuit in New York federal court alleging cover-ups of cyberattacks.
  • 2026-06-04 — Lawsuit details made public: The lawsuit gained public attention after the US government chose not to intervene in the proceedings.
  • 2026-06-05 — Articles published on lawsuit: Heise and Bloomberg report on the allegations of cover-ups by IBM and AT&T, highlighting the severity of the claims.

Related entities

  • Apt10 (Apt Group)
  • Data Breach (Attack Type)
  • AT&T (Company)
  • IBM (Company)
  • China (Country)
  • german.it (Domain)
  • T1041 - Exfiltration Over C2 Channel (Mitre Attack)
  • T1078 - Valid Accounts (Mitre Attack)
  • T1567 - Exfiltration Over Web Service (Mitre Attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed