A former IBM cybersecurity executive has accused the technology giant of concealing several major cybersecurity breaches allegedly carried out by foreign state-linked hackers over a number of years.

The allegations were made in a lawsuit filed by William Barlow, who previously served as IBM’s Vice President of Threat Intelligence.

Although the lawsuit was originally filed in 2020, details became public after court documents were recently unsealed.

Barlow claims that IBM’s internal investigations concluded that Chinese-linked hackers gained access to the company’s core network between 2013 and 2016.

According to the complaint, the company allegedly failed to disclose the breaches to government agencies and other relevant authorities despite evidence of unauthorized access.

The lawsuit further alleges that hackers infiltrated IBM’s systems tens of thousands of times during the period under review.

Internal investigations reportedly linked the incidents to APT10, a hacking group previously associated with cyber espionage activities targeting organizations around the world.

Barlow also claims that IBM subsidiaries, including Trusteer and Truven, suffered separate breaches that were not adequately investigated or publicly disclosed.

The complaint argues that these incidents exposed weaknesses in the company’s cybersecurity oversight and reporting practices.

IBM has denied wrongdoing. A company spokesperson stated that the U.S. Department of Justice declined to intervene in the case and maintained that IBM’s actions complied with applicable legal requirements.

Meanwhile, Barlow’s legal team says it intends to pursue the matter aggressively as the case moves forward through the courts.

Source: TechCrunch