A lawsuit unsealed in New York alleges IBM and AT&T concealed foreign cyber intrusions from the U.S. government over years, according to claims by a former IBM cybersecurity official. The complaint was filed under seal in 2020 and is still pending in federal court. The whistleblower, William Barlow—former IBM vice president of threat intelligence—alleges breaches occurred repeatedly and that the companies failed to disclose incidents in violation of contractual and legal requirements for federal cybersecurity certifications. IBM’s spokesperson says the company’s actions complied with the law. The case raises heightened risk concerns for higher education technology procurement because many universities and public sector agencies rely on large government contractors for cloud infrastructure and network services. It also spotlights governance expectations for breach disclosure, certification accuracy, and the verification of security assurances. For university cybersecurity leaders, the relevance is direct: vendor risk management now extends beyond technical controls to legal disclosure practices and contract compliance histories.