%20(1).webp)
Ericsson Inc., the US subsidiary of Swedish telecommunications giant Ericsson, has revealed a significant data breach that compromised sensitive personal and financial information belonging to 15,661 employees and customers.
The security incident was not the result of a direct attack on Ericsson's systems. Instead, the breach originated from a cyberattack targeting a third-party service provider that processes and stores data for Ericsson's US operations.
Threat actors gained unauthorized access to the vendor's systems through a sophisticated "vishing" attack—a social engineering technique where criminals impersonate trusted individuals over the phone to trick employees into revealing login credentials or system access.
%20(1)%20(1).webp)
The attackers successfully infiltrated the vendor's systems and accessed sensitive files between April 17 and April 22, 2025, according to regulatory filings submitted to US authorities. The malicious activity continued undetected for nearly a week until the service provider identified suspicious behavior on April 28, 2025.
Following the discovery, the vendor launched an internal investigation and brought in external cybersecurity experts to assess the scope of the intrusion and determine what data may have been compromised.
Despite the vendor's relatively quick detection of the breach, Ericsson was not formally notified of the incident until November 10, 2025—more than six months after the initial attack. A comprehensive forensic investigation and data review process continued for several additional months to identify affected individuals and catalog the exact information exposed. This analysis was completed on February 23, 2026.
The breach exposed an extensive array of highly sensitive personal information belonging to Ericsson employees and customers. Compromised data potentially includes Social Security Numbers, driver's license numbers, government-issued identification documents such as passports and state IDs, full names, residential addresses, and dates of birth.
Additionally, certain medical or health-related information and financial data—including bank account numbers and credit or debit card details—may have been accessed by the attackers.
While the cybercriminals successfully accessed this sensitive information, there is currently no evidence indicating that the stolen data has been misused or made publicly available.
In response to the breach, both Ericsson and the affected service provider have implemented multiple containment measures and security enhancements to prevent similar incidents. The companies are working to strengthen their cybersecurity defenses and review their third-party vendor security protocols.
This incident highlights the growing risk organizations face from attacks on their supply chain partners and service providers. As companies increasingly rely on third-party vendors to handle sensitive data, ensuring robust security standards across the entire vendor ecosystem becomes critical.
Ericsson is expected to continue monitoring for any signs of data misuse and may offer credit monitoring services to affected individuals. The company will likely face regulatory scrutiny over the delayed notification timeline and its vendor oversight procedures.