Hacker claims breach of Nokia internal network, leaks data of over 94,000 employees

A cybercriminal using the alias Tsar0Byte has claimed responsibility for a significant data breach targeting Nokia’s internal network, raising fresh concerns over third-party security vulnerabilities in global tech infrastructure.

The alleged breach was disclosed on underground forums such as DarkForums, where the hacker said access was gained through a compromised third-party contractor’s system. According to the post, the attacker exploited the contractor’s integration with Nokia’s internal tool development environment, bypassing direct security controls.

The incident, if verified, would represent one of the most serious corporate data exposures Nokia has faced in recent years. The threat actor claims to have exfiltrated an internal directory containing personal and professional details of over 94,500 employees. The leaked dataset allegedly includes full names, corporate emails, phone numbers, job titles, departmental affiliations, LinkedIn traces, internal logs involving external partners, employee identification numbers, and corporate hierarchy structures.

Cybersecurity analysts warn that this type of data, even absent source code or credentials, could significantly weaken organizational defenses. The stolen information may be leveraged to craft convincing phishing campaigns, launch impersonation attempts, or perform social engineering attacks against both employees and external partners.

Nokia has acknowledged the claims and confirmed that its internal cybersecurity team is actively investigating the matter. In a preliminary statement, the company said it is aware of the breach reports but has found no evidence that its core systems were compromised. Nonetheless, the company is continuing to monitor for signs of intrusion and working to verify the legitimacy and scope of the incident.