- Ribbon Communications suffered a cyberattack, likely carried out by a state actor targeting company files.
- Four older client files were accessed from laptops; affected customers have been informed
- The investigation continues; unauthorized access has been stopped and the impact is deemed not significant
Ribbon Communications has confirmed that it suffered a cyberattack in which it lost sensitive customer documents.
In a new Form 10-Q filed with the U.S. Securities and Exchange Commission (SEC), the company said it became aware of the attack in early September 2025. A subsequent investigation determined that the attack was most likely carried out by a state actor, with the aim of stealing company files.
Ribbon is a major provider of telecommunications services and software, with clients including Verizon, CenturyLink and the US Department of Defense, as well as “smaller clients” – three of which were affected by this intrusion.
The “small customers” concerned
The company did not wish to name the victims since the investigation is currently ongoing, but added that “in total, four older files” were consulted.
“The Company has preliminarily determined that initial threat actor access could have occurred as early as December 2024, with final determinations contingent upon completion of the ongoing investigation,” the filing states.
“As of the date of this Quarterly Report on Form 10-Q, we are not aware of any evidence indicating that the threat actor accessed or exfiltrated material information. Multiple customer files stored outside of the main network on two laptops appear to have been accessed by the threat actor and these customers have been notified by the company.”
Ribbon did not discuss the identity of the attackers, or the nation-state behind it. He stressed that the attack would likely not have a material impact despite the additional costs associated with the investigation and network hardening efforts.
In the filing, Ribbon also said it retained several third-party cybersecurity experts to assist with the investigation and forensic analyses, and also notified relevant law enforcement.
“While the investigation is ongoing, the Company believes it has successfully terminated the threat actor’s unauthorized access,” it concludes.
Via The register
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
