Ericsson US Discloses Data Breach After Service Provider Hack
Ericsson US Discloses Data Breach 🚨
Ericsson Inc., the U.S. subsidiary of the Swedish networking and telecommunications giant Ericsson, has revealed that attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers. In data breach notification letters sent to affected individuals and filed with the California Attorney General, Ericsson stated that a service provider storing personal data for employees and customers discovered a breach on April 28, 2025.
After detecting the incident, the service provider notified the FBI and hired external cybersecurity experts to assess the extent of the breach and its impact. The investigation, completed last month, found that an undisclosed number of individuals had their data exposed in the incident. However, Ericsson noted that the compromised provider has yet to find evidence that the data has been misused since the breach. “Based on the investigation, our service provider determined that a limited subset of files may have been accessed or acquired without authorization between April 17, 2025 and April 22, 2025,” Ericsson said.
As part of its investigation, the service provider retained external data specialists to conduct a comprehensive review of the potentially affected files to identify any personal information. That review was completed on February 23, 2026, at which time it was determined that personal information was contained within the affected files.
According to a separate filing with the Texas Attorney General, the breach impacted 4,377 individuals in Texas alone. The exposed information includes affected individuals’ names, addresses, Social Security Numbers, Driver’s License numbers, government-issued ID numbers (e.g., passport, state ID cards), financial information (e.g., account numbers, credit or debit card numbers), medical information, and dates of birth. Ericsson is now providing free IDX identity protection services, including credit monitoring, dark web monitoring, identity theft recovery, and a $1 million identity fraud loss reimbursement policy to affected people who enroll by June 9, 2026.
Although the company flagged this incident as a data theft attack, no cybercrime group has taken responsibility for the breach. This raises the possibility that either the service provider paid the ransom demanded by the attackers or that the threat actors were unable to connect the breach to Ericsson. When BleepingComputer reached out for more details on the breach, including the total number of affected individuals, an Ericsson spokesperson said they didn’t have “anything to share beyond the letter.”