Ericsson US discloses data breach after service provider hack
Source: Bleeping Computer
Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers.
Headquartered in Stockholm and founded in 1876, the parent company is a communications‑tech leader with nearly 90,000 employees worldwide.
In data‑breach notification letters sent to affected individuals and filed with the California Attorney General on Monday, Ericsson said that a service provider storing personal data for employees and customers discovered a breach on April 28, 2025.
After detecting the incident, the service provider notified the FBI and hired external cybersecurity experts to assess the extent of the breach and its impact.
The investigation, completed last month, found that an undisclosed number of individuals had their data exposed. However, Ericsson noted that the compromised provider has yet to find evidence that the data has been misused since the breach.
“Based on the investigation, our service provider determined that a limited subset of files may have been accessed or acquired without authorization between April 17 – April 22, 2025,” Ericsson said.
“As part of its investigation, it retained external data specialists to conduct a comprehensive review of the potential affected files to identify any personal information. That review was completed on February 23 2026 at which time we determined that some of your personal information was contained within the affected files.”
According to a separate filing with the Texas Attorney General, the breach impacted 4,377 individuals in Texas alone. The exposed information includes:
- Names and addresses
- Social Security Numbers
- Driver’s license numbers and other government‑issued ID numbers (e.g., passport, state ID)
- Financial information (account numbers, credit or debit card numbers)
- Medical information
- Dates of birth
Ericsson is now providing free identity protection services, including credit monitoring, dark web monitoring, identity theft recovery, and a $1 million identity‑fraud loss reimbursement policy to affected people who enroll by June 9, 2026.
Although the company flagged this incident as a data‑theft attack, no cybercrime group has taken responsibility. This raises the possibility that the service provider either paid a ransom or that the threat actors were unable to connect the breach to Ericsson.
BleepingComputer reached out to an Ericsson spokesperson for more details, including the total number of affected individuals, but a response was not immediately available.