A critical telecom supplier to BT Group and EE has confirmed in a U.S. filing that customer files were accessed in a cyberattack — yet neither BT nor EE has said a word about it in the UK.

The supplier, Ribbon Communications, disclosed the incident in an October 2025 SEC report, stating that attackers gained access to its internal network and “several customer files saved on two laptops.”

Ribbon builds the core voice-routing and signalling systems used by major telecoms across the world — BT Group among them.

If BT or EE data was among those files, the implications are enormous. Every other Network uses BT/EE infrastructure making any compromise a national-issue, not just a corporate one.

The silence from BT and EE

Despite Ribbon’s disclosure being public, BT Group and EE have issued no customer notifications, press releases, or regulatory statements addressing potential exposure.

Under UK GDPR, any company aware of a personal-data risk must inform the Information Commissioner’s Office within 72 hours. Yet there’s no record of such a notification involving BT or EE.

That leaves a simple question hanging:

If BT and EE’s data wasn’t among those “customer files,” why haven’t they said so?

An unverified but serious claim

Inside Britain has also received an unverified report that the attackers may have obtained source-code files linked to BT Group’s network systems.
This has not yet been independently confirmed — but if accurate, it would elevate the incident far beyond a data leak or supplier breach.

Why source-code theft would matter

Source code is the blueprint of a network’s inner workings.
If hostile actors possess that code, they can:

• Study and exploit vulnerabilities invisible to standard security tools.

• Mimic or manipulate legitimate traffic across cellular and broadband networks.

• Build customised malware designed specifically for BT/EE systems.

• Undermine national-level communications by targeting shared backbone components used by other UK carriers.

In short, stolen source code turns a one-off intrusion into a long-term strategic risk.

Why this matters

The Ribbon intrusion wasn’t a random ransomware hit. Cyber-security analysts reviewing the SEC filing described it as nation-state-level activity — methodical, precise, and designed for long-term access rather than quick profit.

While Ribbon has not officially attributed the attack, multiple experts note that the tactics resemble those used by Chinese state-linked groups targeting telecom infrastructure globally.

Access to internal telecom files or source code could allow adversaries to map vulnerabilities in Britain’s core network, including the systems handling emergency calls, government data, and national communications traffic.

A familiar playbook

This isn’t the first time the BT ecosystem has been exposed via its partners.

Back in 2018, EE left an internal development repository open online containing source code and admin credentials. That incident was resolved quietly — but it proved how easily supplier oversight can create openings.

The Ribbon disclosure looks like another reminder that cyber-security is only as strong as the weakest vendor link.

What should happen now

• BT and EE should confirm publicly whether any of their data — or source code — was accessed.

• The ICO should clarify whether it received any notification from either company.

• Parliament’s Digital and Culture Committee should examine supplier transparency in critical-infrastructure contracts.

Until that happens, millions of UK users are left relying on corporate silence — and that’s not acceptable when the backbone of national communications could be in play.

Why are U.S. reporters doing the digging for Britain?

So far, the only major coverage of the Ribbon Communications breach has appeared in the United States, through Reuters and TechCrunch.
Not a single mainstream British outlet has followed up, despite the fact that BT and EE are directly connected to the company at the centre of it.

That silence — both corporate and media — means British readers are learning about a potential threat to their own telecom infrastructure from American newsrooms.
If it weren’t for public SEC filings in the U.S., the public might never have known at all.

Inside Britain’s view

It’s entirely possible that BT and EE data wasn’t touched.
If so, a straightforward public statement would settle it.

If it was — even indirectly — then honesty is owed to the public.

Either way, the question deserves an answer, because the longer these disclosures stay buried in obscure filings abroad, the less trust the public can have in those running Britain’s most vital networks.

If any of my readers are in cybersecurity, professionally. I would love your take on this.

Sources:

• Ribbon Communications SEC Filing (October 2025)

• Reuters / TechCrunch coverage of the Ribbon breach

• Video Source: YouTube