Why Big Companies Hiding Security Breaches Puts Your Family at Risk

What Happened

A newly unsealed lawsuit alleges that IBM and AT&T concealed nation-state hacking breaches from government authorities and failed to maintain basic security logging on their systems. According to the complaint filed by a former IBM Vice President of Threat Intelligence, both companies lacked fundamental audit trails that should show who accessed sensitive data and when. This isn't about sophisticated criminals outsmarting security experts. This is about two major corporations allegedly skipping security basics.

The Details

Think of security logging like a security camera system for computer networks. Every time someone logs in, accesses a file, or connects remotely, the system should record it. According to the lawsuit, IBM and AT&T didn't properly maintain these records on their VPN connections. VPNs are the digital tunnels employees use to access company systems from home or while traveling.

Without these logs, companies can't tell if a hacker broke in, what they accessed, or how long they stayed. It's like discovering your front door was unlocked for months but having no way to know if anyone walked through it. The lawsuit claims that when nation-state hackers (government-sponsored attackers) did breach these systems, both companies allegedly chose not to disclose these incidents to authorities.

This matters because IBM and AT&T handle sensitive data for millions of customers, including government contracts. When companies this size fail at basic security, the ripple effects touch everyday families who trust them with personal information, phone records, and business communications.

Who Is Affected

If you're an AT&T customer, your call records and account information pass through their systems. If your employer uses IBM services for payroll, benefits, or data management, your personal details might be involved. Government employees and contractors who work with either company face particular risk, as nation-state attackers often target government-related data.

Beyond direct customers, this lawsuit matters to everyone. It reveals how major corporations might handle (or mishandle) breach notifications. If companies can allegedly hide breaches from regulators, they can certainly hide them from customers like you.

What You Should Do Right Now

1. Check if you're an AT&T customer or if your employer uses IBM services. Call your HR department or IT team if you're unsure about your workplace.

The Bigger Picture

This lawsuit reveals an uncomfortable truth about corporate cybersecurity. The problem often isn't that hackers are too sophisticated. The problem is that billion-dollar companies sometimes skip the basics, like keeping proper security logs. When companies face breaches, some apparently choose reputation management over customer protection. Staying informed about these patterns helps you make better choices about which companies deserve your trust and your business.

How GetCyberRight Can Help

Our Breach Monitor tool helps families discover if their data was exposed in corporate breaches, including incidents that companies don't widely publicize. You enter your email addresses and phone numbers, and we alert you when they appear in known data breaches. It's especially valuable when companies prioritize protecting their image over protecting your information. Check your family's exposure today and get alerts about future breaches before they become headlines.