- Ribbon Communications suffered a cyberattack, likely by a state actor targeting corporate files
- Four older client files were accessed from laptops; affected customers have been notified
- The investigation continues; unauthorized access has been terminated and the impact is considered non-material
Ribbon Communications has confirmed that it suffered a cyber attack in which it lost confidential client documents.
In a new 10-Q filed with the U.S. Securities and Exchange Commission (SEC), the company said it became aware of the attack in early September 2025. Subsequent investigation determined that the attack was most likely carried out by a nation-state actor, with the goal of stealing corporate files.
Ribbon is a major provider of telecommunications software and services, with customers such as Verizon, CenturyLink, and the US Department of Defense, but also “smaller customers,” three of which were affected by this intrusion.
The “smaller customers” affected
The company declined to name the victims as the investigation is currently ongoing, but added that “a total of four older files” were accessed.
“The company has preliminarily determined that initial access by the threat actor may have occurred as early as December 2024, and final determinations are dependent on the completion of the ongoing investigation,” the document reads.
“As of the date of this quarterly report on Form 10-Q, we are not aware of any evidence indicating that the threat actor accessed or exfiltrated material information. Several customer files stored outside of the main network on two laptop computers appear to have been accessed by the threat actor and the company has notified those customers.”
Ribbon did not discuss the identity of the attackers or the nation-state behind them. It stressed that the attack will most likely not have a material impact, despite the additional costs related to the investigation and network strengthening efforts.
In the filing, Ribbon also said it hired several outside cybersecurity experts to assist with the investigation and forensics, and also notified relevant law enforcement agencies.
“While the investigation is ongoing, the company believes it has successfully terminated unauthorized access by the threat actor,” the company concluded.
Via The Register




