• Home
  • cyber
  • IBM and AT&T: Whistleblower Accuses IBM, AT&T of Covering Up Breaches
cyber Breach

IBM and AT&T: Whistleblower Accuses IBM, AT&T of Covering Up Breaches

Jan 1, 2013 2 min read
IBM and AT&T: Whistleblower Accuses IBM, AT&T of Covering Up Breaches

IBM and AT&T Accused of Covering Up Years-Long Data Breaches by Chinese Hackers

A recently unsealed whistleblower lawsuit alleges that IBM and AT&T concealed multiple data breaches spanning from 2013 to 2016, including attacks attributed to Chinese state-backed hackers. William Barlow, IBM’s former vice president of threat intelligence, claims the company knew of breaches affecting its core network but failed to disclose them to authorities.

The complaint asserts that Chinese threat actor APT 10 may have breached IBM’s systems over 56,000 times during the three-year period. Despite an alert from the Five Eyes intelligence alliance in 2017 prompting an internal investigation, IBM allegedly lacked critical logs to determine the scope of the breaches a lapse in standard security practices. The lawsuit further states that neither IBM nor AT&T could confirm what data was accessed, altered, or exfiltrated due to poor network design and insufficient logging.

Barlow also alleges that breaches extended to at least two IBM subsidiaries, which were similarly concealed. AT&T, which managed IBM’s network infrastructure, is named in the complaint for its role in the alleged cover-up.

IBM has denied wrongdoing, stating that the complaint filed six years ago was reviewed by the U.S. Department of Justice, which declined to intervene. A company spokesperson maintained that IBM’s actions complied with legal requirements. The case highlights long-standing concerns over corporate transparency in cybersecurity incidents involving state-sponsored threat actors.

Source: https://www.securitymagazine.com/articles/102353-whistleblower-accuses-ibm-at-and-t-of-covering-up-breaches

AT&T cybersecurity rating report: https://www.rankiteo.com/company/att

IBM cybersecurity rating report: https://www.rankiteo.com/company/ibm

"id": "ATTIBM1780946436",
"linkid": "att, ibm",
"type": "Breach",
"date": "1/2013",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'IBM',
                        'type': 'Corporation'},
                       {'industry': 'Telecommunications',
                        'name': 'AT&T',
                        'type': 'Corporation'},
                       {'industry': 'Technology',
                        'name': 'IBM Subsidiaries (at least two)',
                        'type': 'Subsidiary'}],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True},
 'date_detected': '2017',
 'description': 'A recently unsealed whistleblower lawsuit alleges that IBM '
                'and AT&T concealed multiple data breaches spanning from 2013 '
                'to 2016, including attacks attributed to Chinese state-backed '
                'hackers. William Barlow, IBM’s former vice president of '
                'threat intelligence, claims the company knew of breaches '
                'affecting its core network but failed to disclose them to '
                'authorities. The complaint asserts that Chinese threat actor '
                'APT 10 may have breached IBM’s systems over 56,000 times '
                'during the three-year period. Despite an alert from the Five '
                'Eyes intelligence alliance in 2017 prompting an internal '
                'investigation, IBM allegedly lacked critical logs to '
                'determine the scope of the breaches—a lapse in standard '
                'security practices. The lawsuit further states that neither '
                'IBM nor AT&T could confirm what data was accessed, altered, '
                'or exfiltrated due to poor network design and insufficient '
                'logging. Barlow also alleges that breaches extended to at '
                'least two IBM subsidiaries, which were similarly concealed. '
                'AT&T, which managed IBM’s network infrastructure, is named in '
                'the complaint for its role in the alleged cover-up.',
 'impact': {'brand_reputation_impact': True,
            'data_compromised': True,
            'identity_theft_risk': True,
            'legal_liabilities': True,
            'systems_affected': 'IBM’s core network, at least two IBM '
                                'subsidiaries'},
 'investigation_status': 'Ongoing (lawsuit)',
 'motivation': 'State-sponsored espionage',
 'post_incident_analysis': {'root_causes': 'Poor network design, insufficient '
                                           'logging, alleged concealment'},
 'references': [{'source': 'Whistleblower lawsuit (William Barlow)'},
                {'source': 'Five Eyes intelligence alliance alert'}],
 'regulatory_compliance': {'legal_actions': 'Whistleblower lawsuit'},
 'response': {'communication_strategy': 'Concealment alleged'},
 'threat_actor': 'APT 10',
 'title': 'IBM and AT&T Accused of Covering Up Years-Long Data Breaches by '
          'Chinese Hackers',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.