When Companies Hide Data Breaches: What the IBM Allegations Mean for You

A former IBM cybersecurity executive has filed a lawsuit alleging the tech giant covered up multiple data breaches during the mid-2010s without ever disclosing them to affected customers. The allegations raise serious questions about how many breaches happen behind closed doors and whether your personal information was compromised without your knowledge.

The Details

According to the lawsuit, IBM allegedly experienced several security incidents during the 2010s that exposed customer data. Rather than reporting these breaches publicly or notifying affected individuals, the company reportedly chose to keep them quiet. This matters because most data breach notification laws require companies to inform people when their personal information is compromised.

The case highlights a troubling reality in cybersecurity. Not every breach makes headlines. Some companies face strong financial incentives to avoid disclosure, from protecting their reputation to preventing stock price drops. While breach notification laws exist in many states, enforcement varies and companies sometimes calculate that the risk of getting caught is worth taking.

This isn't just about one company's alleged actions. It reveals a broader challenge for consumers: you can't protect yourself from a breach you don't know happened. Your information could be circulating on the dark web for years before you discover someone drained your bank account or opened credit cards in your name.

Who Is Affected

If you or your family members used IBM products or services during the mid-2010s, your data may have been exposed. This includes business customers, individual users of IBM software, and anyone whose employer used IBM systems to store employee information.

Beyond IBM specifically, this case should concern anyone who shares personal information with any company. If major corporations can allegedly hide breaches, smaller companies with fewer resources and less oversight might do the same. Your email address, passwords, financial data, and personal details could be compromised without notification.

What You Should Do Right Now

Check if your email appears in known breaches using a breach monitoring service. This helps identify if your information was part of disclosed or undisclosed incidents.

Change passwords for any IBM accounts you hold, even if they're old or inactive. Use unique, strong passwords with at least 12 characters mixing letters, numbers, and symbols.

Review your credit reports from all three major bureaus (Equifax, Experian, TransUnion) for accounts you didn't open. You're entitled to free reports at AnnualCreditReport.com.

Enable two-factor authentication on all important accounts, especially email, banking, and social media. This adds protection even if your password was exposed.

Monitor your financial accounts weekly for unauthorized transactions. Set up alerts through your bank or credit card company for unusual activity.

The Bigger Picture

This lawsuit underscores why cybersecurity education matters for families. You cannot rely solely on companies to protect you or even to tell you when protection fails. Taking proactive steps to monitor your digital footprint, use strong security practices, and stay informed about breach trends gives you control over your family's safety. The companies holding your data won't always have your best interests at heart.

How GetCyberRight Can Help

Our Breach Monitor tool helps you discover if your personal information appears in known data breaches, including those that companies tried to keep quiet. By regularly checking your family's email addresses and monitoring for exposure, you can take action before criminals do. This proactive approach is essential in a world where not every breach gets announced on the evening news.

When Companies Hide Data Breaches: What the IBM Allegations Mean for You