NEW YORK — A federal judge in New York ordered a False Claims Act lawsuit naming IBM and AT&T unsealed in the spring of 2026. This lawsuit alleges that the companies concealed foreign hacking breaches from the U.S. government.
The whistleblower complaint, filed under seal in 2020, alleges that IBM and AT&T provided false assurances regarding system security to obtain and maintain federal contracts. The lawsuit states that foreign hackers repeatedly breached computer systems operated by both companies. These systems include a cloud network operated by AT&T on behalf of IBM, which is used by multiple U.S. government agencies.
William Barlow, who served as IBM's vice president of threat intelligence from 2017 until his resignation in 2019, filed the lawsuit. The lawsuit alleges that an internal investigation identified over 50,000 potential connections to a Chinese hacking group between 2013 and 2016. Furthermore, a 2017 internal probe allegedly found unauthorized access to nearly 400 accounts and approximately 200 systems across 18 countries. The lawsuit also claims that the companies did not maintain access logs, which prevented further investigation into these breaches.
IBM spokesperson Adam Pratt stated, "IBM is confident that our actions followed the letter of the law." The U.S. Department of Justice declined to intervene in the False Claims Act lawsuit. Jason T. Brown, an attorney, said, "We’re looking forward to aggressively litigating the matter." He added, "You can’t sell cybersecurity to the federal government while allegedly having these security problem within your own company."
The False Claims Act allows private citizens to file fraud lawsuits on behalf of the U.S. government.