Former executive accuses IBM of covering up multiple data breaches linked to Chinese hackers

A former IBM cybersecurity executive is alleging that the tech giant was breached tens of thousands of times by a Chinese state-linked hacking group and then systematically covered it up to protect its federal contracts. The lawsuit, filed under seal in 2020 and recently unsealed in New York federal court, paints a picture of a company that allegedly chose revenue preservation over transparency with the US government.

William Barlow, who served as vice president of threat intelligence at IBM, claims the company experienced more than 56,000 cybersecurity intrusions attributed to APT10, a well-known Chinese hacking group, between 2013 and 2016. At least two IBM subsidiaries were also allegedly breached during this period.

What the lawsuit actually alleges

Barlow filed his complaint under the False Claims Act, a federal law that allows whistleblowers to sue on behalf of the government when they believe a company has defrauded it. The core accusation: IBM failed to disclose these breaches to US regulators or its government clients, even after the Five Eyes intelligence alliance, the signals intelligence partnership between the US, UK, Canada, Australia, and New Zealand, warned IBM about security concerns in March 2017.