As reported by Bloomberg, a recently unsealed lawsuit reveals a whistleblower has accused IBM and AT&T of covering up data breaches.

William Barlow, former vice president of threat intelligence for IBM, claims the company had knowledge of breaches impacting its core network but never disclosed them. The alleged breaches occurred between 2013 and 2016 and were conducted by Chinese hackers. Furthermore, at least two subsidiaries of the company were breached, but IBM also covered them up, according to the complaint. As AT&T runs the network on the company’s behalf, it is also involved in the complaint. 

Barlow claims that the company was “routinely hacked by foreign state actors and others” but the proper government agencies were not notified. 

IBM spokesperson Miki Carver told TechCrunch, “This complaint was filed six years ago, and the U.S. Department of Justice declined to intervene. IBM is confident that our actions followed the letter of the law.”

Barlow alleges that in 2017, Five Eyes alerted the company of the breach, prompting an internal investigation. The complaint states Chinese threat actor APT 10 may have breached the company’s network more than 56,000 times from 2013 to 2016. The company reportedly could not investigate further, as it did not keep logs of who accessed its network at what time — a standard security practice. The company then failed to alert any authorities. 

“The data breaches are so large and the Core Networks so poorly designed that neither IBM nor AT&T knows exactly what data was breached, who breached the data, where the data was breached, when the data was breached or whether any data was exfiltrated, altered and/or modified in any respect,” the complaint warns.