Ericsson US Data Breach Follows Service Provider Hack
▼ Summary
– Ericsson’s U.S. subsidiary reported a data breach at a third-party service provider, exposing information for over 15,000 employees and customers.
– The breach occurred between April 17 and April 22, 2025, and was discovered by the service provider on April 28, 2025.
– The stolen data includes highly sensitive personal information such as Social Security numbers, financial details, medical information, and government IDs.
– Ericsson is offering affected individuals free identity protection services, including credit monitoring and identity theft recovery.
– No cybercrime group has claimed responsibility, suggesting the ransom may have been paid or the attackers couldn’t link the data to Ericsson.
Ericsson Inc., the American arm of the global telecommunications leader, has confirmed a significant data breach impacting over 15,000 individuals, stemming from a security incident at one of its service providers. The company disclosed that unauthorized access to sensitive personal information occurred over a five-day period in April 2025, though there is currently no evidence of subsequent misuse of the stolen data.
The breach was discovered by the third-party vendor on April 28, 2025. Following the discovery, the provider immediately engaged external cybersecurity specialists and notified federal law enforcement, including the FBI, to manage the response. A thorough investigation concluded that files containing personal data were potentially accessed without authorization between April 17 and April 22, 2025. The forensic review to identify precisely what information was compromised was finalized on February 23, 2026, prompting the formal notifications.
The types of data exposed are particularly sensitive, placing affected individuals at a heightened risk of identity fraud. According to regulatory filings, the stolen information includes full names, physical addresses, Social Security Numbers, and driver’s license details. It also encompasses various government-issued identification numbers, such as from passports, alongside comprehensive financial data like bank account and payment card numbers. Medical information and dates of birth were also part of the compromised dataset.
In response, Ericsson is offering complimentary identity protection services through IDX to those impacted. This package includes credit monitoring, surveillance of the dark web for personal data, identity theft recovery assistance, and an insurance policy covering up to one million dollars in fraud-related losses. Eligible individuals must enroll in these services by June 9, 2026, to receive the benefits.
While Ericsson has classified the event as a data theft attack, the absence of a public claim of responsibility by any known cybercriminal group presents unanswered questions. This silence could indicate that the service provider opted to pay a ransom demand to prevent data publication, or it may suggest that the attackers have not yet connected the stolen information to the Ericsson brand. The company has declined to provide further commentary beyond the details contained in its official notification letters, leaving the total confirmed impact at 15,661 people.
(Source: Bleeping Computer)
