Ericsson Inc., the United States subsidiary of the Swedish telecommunications giant, has confirmed a data breach affecting 15,661 of its employees and customers.
The security incident did not breach Ericsson’s own networks but instead compromised a third-party service provider responsible for handling the company’s sensitive personal data.
Incident Details and Attack Vector
The breach traces back to an attack on an unnamed service provider supporting Ericsson’s US operations.
Threat actors successfully breached the vendor using a “vishing” (voice phishing) attack, a social engineering technique where attackers trick an employee over the phone into handing over system access.
Through this compromised access, the attackers infiltrated the vendor’s files between April 17, 2025, and April 22, 2025.
The vendor discovered the suspicious activity on April 28, 2025, and promptly launched an internal investigation alongside external cybersecurity specialists.
However, Ericsson was not officially notified about the data exposure until November 10, 2025.
A lengthy and comprehensive review process to identify the victims and the exact exposed data concluded on February 23, 2026.
According to filings with state authorities, the attackers acquired highly sensitive personal and financial data. The exposed information includes:
- Full names, addresses, and dates of birth.
- Social Security Numbers (SSNs) and driver’s license numbers.
- Government-issued IDs, including passports and state identification cards.
- Financial data, such as bank account numbers and credit or debit card details.
- Sensitive medical information.
Mitigations and Security Response
While no ransomware group has claimed responsibility for the attack and there is currently no evidence of data misuse, Ericsson and its vendor have taken several steps to contain the threat:
- Law Enforcement Involvement: The third-party vendor immediately notified the Federal Bureau of Investigation (FBI) to assist with tracking the threat actors.
- System Hardening: The vendor forced mandatory password resets, implemented enhanced security measures, and increased staff cybersecurity training to prevent future social engineering attacks.
- Identity Protection: Ericsson is providing affected individuals with complimentary identity protection through IDX. This service includes dark web monitoring, credit monitoring, and a $1 million identity fraud loss reimbursement policy. Affected users must enroll by June 9, 2026, to receive these benefits.
This incident highlights the growing cybersecurity risks associated with supply chains and third-party vendors.
Even when a major corporation like Ericsson secures its internal systems, attackers can exploit weaker links in the supply chain using simple but effective tactics like vishing.
Organizations must remain vigilant, as stolen data from these breaches can circulate quietly on the dark web for months before criminals use it for identity theft or financial fraud.
Employees and customers impacted by this breach are strongly advised to monitor their bank statements and place fraud alerts on their credit profiles.



