Emerging ThreatsData Breaches

IBM, AT&T Face Allegations of Concealing Data Breaches

Analyst 207||Source: SecurityMag
Rows of computer servers and networking equipment in a brightly-lit institutional server room with a cityscape visible…

"Chinese threat actor APT 10 may have breached the company’s network more than 56,000 times from 2013 to 2016," the complaint states — an allegation that sits at the center of a newly unsealed lawsuit accusing IBM and AT&T of concealing widespread intrusions.

Who is alleging what: William Barlow and the core claim

The unsealed complaint, reported by Bloomberg and described in the filing, comes from William Barlow, identified as a former vice president of threat intelligence for IBM. Barlow claims IBM had knowledge of breaches affecting its core network between 2013 and 2016 and did not disclose them. He alleges the intrusions were carried out by Chinese hackers, and that at least two of IBM’s subsidiaries were breached and those incidents were also concealed.

Details in the complaint: frequency, timeline and log gaps

According to the complaint, the attacks span a multi‑year window. It states that the Chinese threat actor APT 10 may have compromised the company’s network more than 56,000 times from 2013 to 2016, and that the company was “routinely hacked by foreign state actors and others.” The filing also asserts IBM lacked logs of who accessed its network at what time — a deficiency the complaint describes as preventing further investigation into the scope and impact of the intrusions.

Five Eyes notification and alleged failure to alert authorities

Barlow’s complaint says that Five Eyes alerted the company to the breach in 2017, leading to an internal investigation. Despite that notice and the internal work, the complaint alleges the company failed to notify the proper government agencies. The suit warns of substantial uncertainty about what was affected: “The data breaches are so large and the Core Networks so poorly designed that neither IBM nor AT&T knows exactly what data was breached, who breached the data, where the data was breached, when the data was breached or whether any data was exfiltrated, altered and/or modified in any respect.”

AT&T’s operational role and the parties named

The complaint includes AT&T because, as the filing notes, AT&T runs the network on IBM’s behalf. That operational relationship is cited in the suit as part of why AT&T is involved in the allegations. Barlow’s claim presses that both IBM and AT&T were party to the circumstances that left the company unable to determine the full contours of the intrusions or whether data was removed or changed.

IBM’s response and the Department of Justice

IBM spokesperson Miki Carver told TechCrunch, “This complaint was filed six years ago, and the U.S. Department of Justice declined to intervene. IBM is confident that our actions followed the letter of the law.” The statement ties a DOJ decision to the case’s procedural history as described by IBM’s representative.

What this means for technologists, policymakers, and procurement leaders

  • Technologists and security teams: The complaint’s emphasis on missing access logs spotlights the investigative limits a lack of logging creates. Security teams will likely pay attention to the claim that the company “did not keep logs of who accessed its network at what time,” since that directly affects incident response and root‑cause analysis.
  • Policymakers and regulators: The filing alleges that despite a Five Eyes notification in 2017, proper government agencies were not informed. Regulators and oversight bodies will note the complaint’s assertions about notification practices and the DOJ’s reported decision not to intervene, as described by IBM’s spokesperson.
  • Enterprises and procurement leaders: The complaint names AT&T because it “runs the network on the company’s behalf,” and alleges at least two subsidiaries were breached. Organizations that rely on third‑party network operations will be attentive to how responsibility and visibility across vendor relationships are described in the suit.

The unsealed complaint frames a constellation of claims — frequent intrusions, missing access logs, cross‑jurisdictional notification questions, and corporate responsibility where network operations are outsourced. The filing leaves open a central practical question it states neither IBM nor AT&T can answer: whether any data was exfiltrated, altered or modified. The public record now includes the complaint, IBM’s statement about the DOJ decision, and the allegation of more than 56,000 APT 10 intrusions from 2013 to 2016; how courts, regulators and the named companies proceed from that record will determine whether those gaps are ever closed.

Original reporting: https://www.securitymagazine.com/articles/102353-whistleblower-accuses-ibm-at-and-t-of-covering-up-breaches

ChinaData BreachEmerging ThreatsNation-StateTelecommunicationsThreat IntelligenceAPT10Concealed IntrusionsIBMAT&T
Related Intelligence

Continue Reading

Laptop and workstation setup with a blank screen amidst a clean environment.

Shai-Hulud Malware Targets Python Packages, Exposes Developer Secrets

Hundreds of thousands of downloads of 19 popular Python packages were compromised in a massive supply-chain attack that stole developer secrets, courtesy of the Shai-Hulud malware. The malicious packages, disguised as useful bioinformatics and science tools, were actually designed to expose sensitive information.

Analyst 207
Radar system installed on a raised platform in a desert landscape under a clear blue sky.

Handala's Israeli Radar Claim Sparks Skepticism

Can a mysterious Iranian-linked hacker group really take down Israel's radar systems? Handala claims it did on the same day Israel and Iran exchanged missile fire, but experts are raising an eyebrow.

Analyst 207
Smartphone displaying WhatsApp conversation with suspicious link on a clean, minimalist surface.

WhatsApp Disrupts NSO Group's Spyware Phishing Campaigns

Meta's WhatsApp team swiftly sprang into action, disrupting a sophisticated spyware phishing campaign linked to the NSO Group after investigating user reports of targeted social-engineering attacks. They successfully stopped the attackers' attempts to trick people into clicking malicious links that could have put their data at risk.

Analyst 207
Person browsing on a laptop in a busy coffee shop with blurred background.

China Exploits Job Sites for Spying on Five Eyes Targets

Be cautious on job sites - Chinese spies are posing as recruiters on LinkedIn, Indeed, and Upwork to trick Five Eyes targets into divulging sensitive information. They're using clever social engineering tactics to make their scams seem all too believable.

Analyst 207