Former IBM Cybersecurity Head Accuses Company of Concealing Hacker Attacks

William Barlow, former head of IBM’s cybersecurity division, accused the company of concealing at least three major hacker attacks over the past decade. The lawsuit, filed in 2020, only became public this week.

According to Barlow, IBM’s main network was breached by the Chinese hacker group APT 10 between 2013 and 2016. An internal investigation revealed that attackers may have gained unauthorized access over 56,000 times. However, IBM failed to preserve access logs, making further investigation impossible. The company also did not notify government agencies or its clients, including U.S. federal agencies, about the attack.

The lawsuit also mentions breaches at two IBM subsidiaries: Trusteer (2018) and Truven (multiple incidents after its acquisition in 2016). Barlow claims IBM did not conduct a proper investigation or disclose details of these incidents. The case is particularly concerning given that IBM, a cybersecurity provider for government agencies, may have been a victim of large-scale attacks without subsequent disclosure.

An IBM spokesperson declined to comment on the lawsuit details, citing the U.S. Department of Justice’s decision not to intervene. The company stated its actions complied with the law. Barlow’s attorney, however, emphasized that the case will be pursued aggressively in court.