Key facts
- IBM and AT&T are accused of concealing foreign government-backed hacks from the US government.
- The allegations come from a whistleblower lawsuit filed by former IBM cybersecurity official William Barlow.
- The suit claims the companies violated the False Claims Act by making false assurances about system security.
- Hackers allegedly breached IBM's cloud infrastructure, operated by AT&T, impacting US government and military systems.
- The US Department of Justice declined to intervene in the lawsuit.
International Business Machines Corp. (IBM) and AT&T Inc. are facing accusations from a former IBM cybersecurity official, William Barlow, of concealing repeated breaches by foreign hackers from the US government. Barlow, IBM's former vice president of threat intelligence, filed a whistleblower lawsuit under the False Claims Act, alleging that the companies violated federal law and made false assurances about their system security to secure government contracts. The lawsuit, filed under seal in 2020 and unsealed this week after the US government declined to intervene, claims that massive IBM cloud computing infrastructure, operated by AT&T and used by various US government agencies including the military, was repeatedly infiltrated by unidentified and foreign hackers, including those linked to the Chinese government-backed APT 10 group. Barlow alleges that IBM executives pressured him to downplay or conceal these incidents, and that the companies do not know the full extent of what data was breached or exfiltrated. IBM stated it is confident its actions followed the law, while AT&T did not respond to requests for comment. Barlow's attorney indicated they intend to litigate the matter aggressively, highlighting the billions of dollars in federal business at stake.