- Ribbon Communications suffered a cyberattack, likely by a nation-state actor targeting corporate files
- Four older customer files were accessed from laptops; affected clients have been notified
- Investigation continues; unauthorized access has been terminated and impact deemed non-material
Ribbon Communications has confirmed it suffered a cyberattack in which it lost sensitive customer documents.
In a new 10-Q form filed with the US Securities and Exchange Commission (SEC), the company said it became aware of the attack in early September 2025. Subsequent investigation determined that the attack was most likely conducted by a nation-state actor, with the goal of stealing corporate files.
Ribbon is a major supplier of telco services and software, with customers including Verizon, CenturyLink, and the US Defense Department, but also “smaller customers” - three of which were impacted by this intrusion.
"Smaller customers" affected
The company did not want to name the victims since the investigation is currently ongoing, but added that “a total of four older files” were accessed.
“The company has preliminarily determined that initial access by the threat actor may have occurred as early as December 2024, with final determinations dependent on completion of the ongoing investigation,” the filing reads.
“As of the date of this quarterly report on Form 10-Q, we are not aware of evidence indicating that the threat actor accessed or exfiltrated any material information. Several customer files saved outside of the main network on two laptops do appear to have been accessed by the threat actor and those customers have been notified by the company.”
Ribbon did not discuss the identity of the attackers, or the nation-state behind it. It stressed that the attack most likely won’t have a material impact despite additional costs related to the investigation and the network strengthening efforts.
In the filing, Ribbon also said it has brought in multiple third-party cybersecurity experts to assist with the investigation and the forensics, and notified relevant law enforcement agencies, as well.
"While the investigation is ongoing, the Company believes that it has been successful in terminating the unauthorized access by the threat actor," it concluded.
Via The Register
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
