Former Cyber Executive Turns Whistleblower Against IBM for Data Breach Cover-Up

Former Cyber Executive Turns Whistleblower Against IBM for Data Breach Cover-Up

A former IBM cybersecurity executive has made serious allegations against the company, claiming it covered up multiple data breaches over the past decade. In a lawsuit unsealed this week, William Barlow, who served as IBM’s vice president of threat intelligence until August 2019, revealed that the company was hacked three times by foreign governments but failed to disclose these incidents.

Barlow stated that Chinese hackers breached IBM’s core network between 2013 and 2016, yet the company chose to conceal these breaches. He also mentioned that at least two IBM subsidiaries were compromised, with IBM allegedly covering up those incidents as well. According to Barlow, IBM’s core network was “routinely hacked by foreign state actors and others,” with sensitive data frequently stolen without any notification to government agencies.

IBM, a key cybersecurity vendor for the U.S. federal government, faces significant scrutiny due to these allegations. An IBM spokesperson, Miki Carver, declined to comment on the specifics of the lawsuit, stating that the complaint was filed six years ago and that the U.S. Department of Justice had opted not to intervene. Carver expressed confidence that IBM’s actions adhered to legal standards.

Barlow’s complaint also highlighted that IBM was a victim of a hacking campaign orchestrated by APT 10, a group linked to the Chinese government. This group was previously targeted by the FBI, which indicated that they had infiltrated major players in the global economy. Barlow claimed that intelligence officials from the Five Eyes alliance warned IBM about the breach in March 2017, leading to an internal investigation.

The internal investigation reportedly concluded that APT 10 had breached IBM’s network over 56,000 times between 2013 and 2016. Alarmingly, IBM could not conduct a thorough investigation due to a lack of logs detailing network access, a fundamental security practice. Furthermore, the company allegedly failed to inform any authorities or the U.S. government, one of its primary clients.

Barlow also pointed out other breaches affecting Trusteer, a cybersecurity startup acquired by IBM in 2013, which was breached in 2018, and Truven, a healthcare data startup acquired in 2016, which experienced multiple breaches post-acquisition. In both instances, Barlow accused IBM of neglecting to investigate and disclose these incidents properly.

For more details, check out the full article: Read full article