- Ribbon Communications suffered a cyber attack, likely from a nation-state actor, targeting corporate files
- Four older customer files were accessed from laptops; affected customers have been notified
- The investigation continues; unauthorized access has been terminated and the impact is considered immaterial
Ribbon Communications has confirmed that it has suffered a cyber attack in which it lost sensitive customer documents.
In a new 10-Q form filed with the US Securities and Exchange Commission (SEC), the company said it became aware of the attack in early September 2025. Subsequent investigation determined that the attack was most likely carried out by a nation-state actor, with the aim of stealing company files.
Ribbon is a major provider of telecommunications services and software with customers including Verizon, CenturyLink and the US Department of Defense, but also “smaller customers” – three of which were affected by this breach.
“Less customers” hit
The company did not want to name the victims as the investigation is currently ongoing, but added that “a total of four legacy files” were accessed.
“The company has tentatively determined that the initial access by the threat actor may have occurred as early as December 2024, with final determinations dependent on the completion of the ongoing investigation,” the filing reads.
“As of the date of this Quarterly Report on Form 10-Q, we are not aware of any evidence indicating that the threat actor accessed or exfiltrated any material information. Several customer files stored outside the main network on two laptops appear to have been accessed by the threat actor, and these customers have been notified by the Company.”
Ribbon did not discuss the identity of the attackers or the nation-state behind them. It stressed that the attack will most likely not have a significant impact, despite additional costs related to the investigation and efforts to strengthen the network.
In the filing, Ribbon also said it has engaged several third-party cybersecurity experts to assist with the investigation and forensics, and also notified relevant law enforcement authorities.
“While the investigation is ongoing, the company believes it has been successful in terminating the unauthorized access by the threat actor,” it concluded.
Via The register
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
