Former Cybersecurity Pro Sues IBM for Covering Up Data Breaches
A former IBM executive claims the tech giant was repeatedly hacked by foreign governments and hid the breaches from authorities. Here’s what you need to know.
Admin User

A former IBM cybersecurity executive is accusing the company of multiple data breaches by foreign governments, which it allegedly covered up, according to a lawsuit filed in 2020 but unsealed this week.
What the Lawsuit Accuses IBM Of
William Barlow, who was IBM’s vice president of threat intelligence until August 2019, alleges that between 2013 and 2016, IBM's core network was breached by Chinese hackers. The company, he says, concluded the breaches but chose to cover them up rather than disclose them.
Further Allegations
In addition to the main breach, Barlow claims that at least two IBM subsidiaries were also compromised, and their breaches were likewise covered up. He further states that IBM's network was ‘routinely hacked by foreign state actors and others,’ with stolen data never being reported to government agencies.
Significance for IBM
IBM is a major cybersecurity vendor to the U.S. federal government, making these alleged concealments especially significant. The case highlights the ongoing issue of undisclosed breaches, despite laws passed in recent years aimed at preventing such practices.
IBM's Response
An IBM spokesperson, Miki Carver, declined to comment on specific allegations but stated that 'this complaint was filed six years ago, and the U.S. Department of Justice declined to intervene. IBM is confident that our actions followed the letter of the law.' However, Barlow’s lawyer, Jason Brown, argues that selling cybersecurity services while having such internal security issues undermines trust.
Further Details
The lawsuit details multiple breaches and hacking attempts by a group known as APT 10, which targeted IBM in partnership with AT&T. According to Barlow’s complaint, IBM was breached over 56,000 times between 2013 and 2016, with four servers compromised. The company failed to keep logs of network access, leading to a lack of accountability.
Other Alleged Breaches
Barlow also alleges breaches affecting IBM subsidiaries Trusteer (acquired in 2013) and Truven (acquired in 2016), both of which were allegedly breached multiple times. In each case, he claims that IBM failed to properly investigate or disclose the incidents.


