Navigation section

Five Ex Kyndryl Cybersecurity Staff Sue Over Discrimination and Retaliation

  • Thread Author
Five former members of Kyndryl’s U.S. cybersecurity team have filed a federal lawsuit alleging systematic discrimination and retaliatory firings tied to race, national origin, age, disability, and whistleblowing — an escalation of complaints that previously moved through the EEOC and that industry watchers say could deepen scrutiny of the IBM spinoff’s workplace practices.

Diverse team reviews confidential documents in a dim, high-tech briefing room.Background​

Kyndryl, the infrastructure-services company spun out of IBM, has faced multiple employment-related suits and EEOC complaints in recent years. That broader legal context matters because the new complaint sits alongside a string of earlier claims alleging age and disability discrimination at both Kyndryl and IBM, and because the alleged misconduct in this case touches on sensitive issues — from alleged racial and national-origin bias to claims that employees who reported criminal conduct on company systems were discouraged from documenting it.
The complaint at the center of the current story — filed in the U.S. District Court for the Southern District of New York — names five plaintiffs: Aaron O’Reilly, Rahul Bakshi, Mustapha Salaudeen, Wai Tam, and Rishidhar Vangapelly. According to the filing, these were members of Kyndryl’s Security Intelligence Center for the U.S., the group responsible for protecting customer data and maintaining service continuity for critical customers, including federal agencies. The plaintiffs claim they were targeted in layoffs and internal staffing moves intended to remove foreign-born, non‑white, disabled, and older employees and to replace them with younger, white, non-disabled, American-born workers.
The suit follows EEOC activity: when administrative remedies with the EEOC did not resolve the matters, claimants sought and received the right-to-sue letters that allow them to press their charges in federal court. This procedural history is typical in employment discrimination litigation and establishes the official administrative trail that precedes federal litigation.

What the complaint alleges​

Who the plaintiffs are, and what they did​

  • Aaron O’Reilly — described in the complaint as the associate director of the Security Intelligence Center for the U.S.; a white disabled veteran who developed cybersecurity skills in the U.S. Army.
  • Rahul Bakshi, Mustapha Salaudeen, Wai Tam, and Rishidhar Vangapelly — security analysts described in the complaint as top performers who handled the largest number of security tickets, trained new analysts, and reviewed security reports.
The complaint recounts a timeline in which a non‑white, foreign‑born vice president was removed in early 2023 and replaced by two white male executives. One of those executives became O’Reilly’s supervisor and — according to plaintiffs — was central to the hostile work environment and the alleged discriminatory termination decisions. The filing names alleged comments and behavior by the new leadership and by a deputy CISO that plaintiffs say demeaned foreign‑born and non‑white staff.

Specific incidents alleged in the complaint​

The complaint includes several detailed allegations that are both operational and legally significant:
  • A security analyst (plaintiff Bakshi) allegedly found Kyndryl employees using company systems to access unlawful sexually explicit material, including bestiality. An executive is said to have joked about the findings, making light of the discovery.
  • After Rishidhar Vangapelly identified evidence of child sexual abuse material accessed on company systems, the complaint says he and O’Reilly were admonished for documenting those findings in writing because of potential reputational or stock‑price impacts. Such allegations, if borne out, would raise serious policy and legal concerns beyond employment law — involving incident response obligations and potential criminal-reporting duties.
  • Plaintiffs say they were told to prepare lists of employees to be “benched” and that the selected names were disproportionately foreign‑born persons of color. They further allege instructions to terminate employees who had taken medical leave — allegedly to avoid the appearance that the terminations were medically related. The complaint claims HR ignored internal objections and requests for reasonable accommodations.
These allegations combine discrimination claims (race, national origin, age, disability) with retaliation and whistleblower claims tied to employees’ attempts to raise internal concerns about wrongdoing and workplace practices. The mix of allegations makes the litigation legally complex and fact‑intensive.

Legal framework and procedural posture​

Statutory and administrative underpinnings​

Employment‑discrimination suits like this typically assert violations of federal statutes such as Title VII (race and national origin), the Age Discrimination in Employment Act (ADEA), and the Americans with Disabilities Act (ADA), along with state‑law analogues where applicable. Before filing in federal court, claimants generally exhaust administrative remedies through the EEOC; the EEOC’s issuance of a right‑to‑sue letter allows plaintiffs to proceed in district court. The complaint described in public coverage follows that standard pathway.

Procedural posture​

According to reporting, the plaintiffs’ claims were filed in the Southern District of New York and build on EEOC filings made previously. Other separate cases and related litigation involving Kyndryl and IBM have been litigated in federal courts and are publicly available on dockets such as Justia and PACER — showing a pattern of employment‑law disputes involving the companies. The presence of prior, high‑profile cases (for example, age discrimination suits) does not itself prove wrongdoing in the current matter, but it does establish that the companies have faced sustained legal scrutiny on employment practices.

Why this matters to enterprise IT and security teams​

The central unit at issue — Kyndryl’s Security Intelligence Center — performs critical operational security work for enterprise and government customers. If the allegations about decision‑making and suppression of investigative documentation are accurate, they raise at least three major concerns for customers, partners, and regulators:
  • Operational risk: Suppressing documentation of abuse or failing to act on evidence of criminal activity inside company systems could impair incident response and expose customers to unresolved threats. An environment that penalizes reporting creates systemic risk for security outcomes.
  • Compliance and legal risk: Documenting and escalating certain types of criminal content (e.g., child sexual abuse material) may implicate reporting obligations and require coordination with law enforcement. Allegations that reporting was discouraged because of reputational or stock‑price concerns would be particularly damaging.
  • Talent and retention: Allegations that high‑performing analysts were targeted due to nationality, race, or disability risk a brain drain at a time when cybersecurity talent remains scarce and costly to replace. This would have both immediate operational impact and longer‑term strategic consequences.
For customers and federal agencies that depend on Kyndryl for security and continuity, governance and personnel judgment are core elements of trust. Litigation that alleges the departure of senior, specialized, or cleared staff on discriminatory grounds or as retaliation for whistleblowing can harm that trust and raise procurement and contracting questions.

Kyndryl’s position and public statements​

Kyndryl did not provide an on‑the‑record comment to the outlet that first reported the suit. The company has, however, publicly contested and pushed back against certain other criticisms in recent months — notably when it issued a corporate statement in March 2025 rejecting a short‑seller report as “inaccurate and deliberately misleading.” That investor‑facing statement shows Kyndryl’s willingness to publicly defend its disclosures and to dispute third‑party allegations that could move markets. But that statement did not address the employment or EEOC claims now before the court.
The absence of a specific Kyndryl statement on the new complaint is not unusual at the commencement of litigation; companies often rely on counsel and on litigated responses rather than public comment. Still, in high‑stakes cases — especially when allegations touch on criminal conduct and regulatory obligations — silence can increase pressure from customers, investors, and regulators to clarify policies and controls.

Cross‑checking the record: what’s corroborated, what isn’t​

The central load‑bearing facts in the complaint are (a) the names of the plaintiffs and the existence of a filed complaint in the Southern District of New York; (b) the presence of EEOC charges and right‑to‑sue letters; and (c) the specific factual allegations recited in the complaint (e.g., alleged jokes, instructions to “bench” particular employees, and alleged admonishments against documenting evidence of criminal use of company systems).
  • The filing and the plaintiffs’ names are reported in contemporary tech press coverage that reproduces and summarizes the complaint.
  • The broader history of employment litigation involving Kyndryl and IBM is documented in federal dockets, and earlier suits alleging age and disability discrimination have been litigated in federal court — establishing a broader context of related claims.
  • The plaintiffs’ representation by employment counsel and public comments by their attorney are documented on counsel’s public site, corroborating counsel involvement.
Caveats and unverifiable points:
  • Media summaries reproduce allegations from the complaint; those factual assertions are allegations at this stage and have not been adjudicated. The complaint describes conversations, internal directives, and motivations attributed to Kyndryl leadership — but those remain contested facts to be examined through discovery. The company’s internal communications and HR records (the primary evidence) are not publicly available at present, so independent confirmation of these specific interactions is not yet possible.

Legal and evidentiary hurdles ahead​

Employment discrimination, whistleblower retaliation, and related civil claims turn on nuanced fact patterns and proof. The plaintiffs will need to show through documentation, emails, witness testimony, and comparative employment data that adverse employment actions were motivated by prohibited characteristics or by retaliatory intent. Kyndryl’s defense is likely to assert legitimate, nondiscriminatory business reasons for staffing changes (e.g., restructuring, performance metrics, or business strategy).
Key legal steps and likely focal points in upcoming litigation will include:
  • Pleadings and jurisdictional motions — The defendant will likely move to dismiss or to limit counts that are legally insufficient. Courts commonly parse pleadings early to narrow issues.
  • Discovery — Plaintiffs will seek internal communications (emails, meeting notes), HR records (layoff lists, performance reviews), and document trails for decisions to “bench” or terminate employees. Kyndryl will seek to protect privileged materials while producing core non‑privileged documents.
  • Comparator and statistical evidence — Plaintiffs will try to show a pattern (e.g., that terminations disproportionately affected foreign‑born or minority employees) and may use lists, timelines, and hiring records as evidence. Defendants will counter with legitimate business explanations and individualized reasons for each dismissal.
  • Whistleblower and retaliation claims — For claims tied to reporting criminal content or internal wrongdoing, evidence showing temporally proximate adverse actions after complaints will be critical. Plaintiffs contend they raised concerns internally, and that those efforts prompted retaliatory scrutiny and administrative leave; proving causation will be a fact‑intensive inquiry.

Risks and consequences for Kyndryl and customers​

If the plaintiffs obtain discovery that corroborates systemic discrimination or improper suppression of criminal‑content reporting, potential consequences could include:
  • Monetary damages: Compensatory and potentially punitive damages for individuals (depending on statutory caps, claims, and proof).
  • Injunctions and equitable relief: Court orders requiring policy changes, mandatory training, or oversight of HR practices.
  • Reputational and contract risk: Federal agencies and large enterprise customers sensitive to vendor governance could reevaluate contracts if operational integrity is credibly questioned.
  • Regulatory scrutiny: Depending on findings, other agencies (state labor departments, federal contracting authorities) might probe compliance with procurement and workplace laws.
Conversely, if Kyndryl’s documented business reasons for staffing changes are upheld and the alleged discriminatory animus is not supported by documentary evidence, the company’s legal exposure could be mitigated. Litigation outcomes are heavily dependent on what emerges in discovery.

Strengths and weaknesses of the plaintiffs’ case (as reported)​

Strengths alleged by plaintiffs and their counsel​

  • Documented EEOC filings and right‑to‑sue letters create a procedural foundation for federal litigation.
  • Detailed factual allegations — including alleged remarks, direct instructions, and specific directives — if corroborated by documents or witnesses, can provide strong direct evidence of discriminatory intent.
  • Operational sensitivity: claims that documenting criminal content was discouraged could be persuasive to juries and regulators because they touch on more than ordinary employment disputes; they implicate corporate responsibility to customers and the public.

Potential weaknesses and defenses Kyndryl may assert​

  • Business‑restructuring explanation: Companies routinely assert legitimate business reasons (reorganization, cost control, strategic realignment) for workforce changes. Kyndryl can point to business rationales and to contemporaneous performance records.
  • Burden of proof: Discrimination claims require proof that impermissible motives predominated over legitimate reasons. If Kyndryl’s documentation (e.g., performance metrics, workforce plans) explains decisions, plaintiffs face a harder path.
  • Evidentiary gaps: Media summaries repeat allegations from the complaint; until internal emails and HR records are produced, some claim elements remain allegations that may be difficult to prove.

What to watch next​

  • Early court filings: Motions to dismiss, demands to arbitrate, or jurisdictional challenges could shape the case. Watch the Southern District of New York docket for procedural entries.
  • Discovery production: The timing and content of document production will be pivotal. Disclosure of emails, HR files, or “bench” lists would materially change the public understanding of what happened.
  • Kyndryl’s formal response: Expect Kyndryl to respond in court papers; those filings will outline its defenses and may include declarations and documents intended to counter plaintiff assertions.
  • Customer and investor reaction: Institutional customers or procurement officials may seek assurances about governance and incident‑reporting controls. Meanwhile, investors will watch litigation risk in the broader context of other legal and market pressures Kyndryl has faced.

Practical takeaways for IT leadership and security teams​

  • Document everything: When security personnel find criminal content or policy violations, clear, timestamped documentation and escalation to appropriate internal channels (and law enforcement when required) can reduce organizational risk and protect staff. The complaint highlights how controversial decisions can explode into legal and reputational crises if documentation trails are weak.
  • Separate legal and reputational concerns from duty to act: Organizations must balance reputational concerns against statutory and ethical duties to retain evidence and to report certain criminal content. Policies should be clear about mandatory reporting obligations and employee protections for doing their jobs.
  • Strengthen HR governance around layoffs and redeployments: “Benching” programs and internal redeployment processes should be transparent, documented, and nondiscriminatory with clear avenues for appeal and accommodation requests. HR should preserve contemporaneous decision records to withstand legal scrutiny.
  • Protect and encourage whistleblowers: Effective whistleblower channels and anti‑retaliation safeguards are essential. Employees who report wrongdoing must be protected, not sidelined. Policies, training, and independent review mechanisms help demonstrate good faith if disputes arise.

Conclusion​

The newly filed complaint against Kyndryl alleging targeted firings of non‑white, foreign‑born, disabled, and older cybersecurity staff combines classic employment‑discrimination claims with disturbing allegations about the suppression of criminal incident documentation. The suit lands in an environment where Kyndryl has already faced related employment litigation and investor scrutiny, creating potential legal, operational, and reputational headwinds.
At this stage, the complaint’s factual assertions remain allegations that will be tested through discovery and adversarial briefing. What happens next — particularly what internal records and communications the parties must produce — will determine whether the case proves an organizational failure of governance or a contested employment dispute explained by legitimate business reasons. Either way, the litigation is a reminder that workforce decisions in security teams are not purely personnel matters: they can implicate customer trust, criminal‑content reporting obligations, and corporate governance in ways that materially impact enterprise risk.
Source: theregister.com Kyndryl sued for firing non-white workers, disabled vet
 

Click to expand...
You must log in or register to reply here.
Back
Top