Former IBM cybersecurity exec accuses company of hiding Chinese hacking breaches

TL;DRIBM’s ex-threat intel VP alleges the company hid Chinese state hacker breaches from 2013-2016 and never told the feds. The case is now in court.

A former IBM cybersecurity executive has accused the company of concealing multiple data breaches by Chinese state-linked hackers. William Barlow served as IBM’s vice president of threat intelligence until August 2019. In a whistleblower lawsuit unsealed this week, he alleged IBM knew about the breaches and deliberately failed to notify US authorities.

The lawsuit was originally filed under seal in 2020. It centres on a hacking campaign by APT 10, a Chinese government-linked group whose members were indicted in 2018. Then-FBI Director Christopher Wray described the group’s targets as a “Who’s Who” of the global economy.

Barlow alleged that an internal IBM investigation found more than 56,000 potential APT 10 intrusions between 2013 and 2016. The scale was enormous. According to an internal report cited in the complaint, attackers accessed nearly 400 compromised accounts and almost 200 systems across every IBM business unit.

The breach spanned 18 countries and multiple IBM products. The hackers also infiltrated data IBM maintained in partnership with AT&T, which is also named in the lawsuit.