Ericsson U.S. discloses data breach affecting more than 15,000 people after vendor hack
Ericsson Inc., the U.S. subsidiary of Swedish telecom giant Ericsson, has disclosed a data breach that exposed personal information belonging to more than 15,000 employees and customers. The incident occurred after attackers compromised a third-party service provider that stored sensitive records for the company.
According to official breach notifications submitted to state regulators, the compromised vendor discovered the intrusion on April 28, 2025. Investigators later determined that attackers may have accessed or acquired files containing personal data between April 17 and April 22, 2025.
Ericsson said the investigation confirmed that 15,661 individuals were affected by the incident. The company notified impacted individuals and filed disclosure reports with multiple state authorities, including California and Texas.
Breach traced to third-party service provider
The breach did not originate from Ericsson’s own internal network. Instead, it occurred within a service provider that handled data related to employees and customers.
After detecting the incident, the vendor reported it to law enforcement and brought in external cybersecurity experts to conduct a forensic investigation.
The review process lasted several months. According to Ericsson, data specialists completed a full analysis of the potentially affected files on February 23, 2026, confirming that personal information belonging to Ericsson employees and customers had been exposed.
The company says there is currently no evidence that the stolen data has been misused, although investigations into the incident have concluded.
What data was exposed
Regulatory filings indicate that attackers accessed a wide range of sensitive personal information.
Types of exposed information
- Full names
- Home addresses
- Social Security numbers
- Driver’s license numbers
- Government identification numbers such as passport or state ID numbers
- Financial information including bank account numbers and payment card numbers
- Medical information
- Dates of birth
The exact mix of data exposed varies by individual.
Because the incident involved highly sensitive identifiers such as Social Security numbers and financial data, affected individuals may face long-term identity theft risks even if no immediate misuse has been detected.
Timeline of the incident
| Event | Date |
|---|---|
| Unauthorized access window | April 17–22, 2025 |
| Breach discovered by vendor | April 28, 2025 |
| Investigation completed | February 23, 2026 |
| Public disclosures and notifications | March 2026 |
| Total affected individuals | 15,661 |
The extended investigation period reflects the complexity of analyzing potentially compromised files and determining which individuals were affected.
Identity protection offered to victims
Ericsson is offering free identity protection services to those impacted by the breach.
Services available to affected individuals
- Credit monitoring
- Dark web monitoring
- Identity theft recovery services
- Identity fraud reimbursement coverage up to $1 million
These services are provided through IDX, a company that specializes in identity protection and breach response.
Individuals must enroll in the protection program before June 9, 2026 to receive coverage.
No threat actor has claimed responsibility
Despite the scale of the breach, no ransomware or cybercrime group has publicly claimed responsibility for the attack.
Security analysts say this leaves several possibilities:
- The attackers may have stolen the data without publicly leaking it
- The service provider may have resolved the situation privately
- Threat actors may not have identified Ericsson as the victim
- The breach may not have involved ransomware at all
Ericsson has not provided further details about the attack method or the identity of the compromised service provider.
Ericsson’s global footprint
Ericsson is one of the world’s largest telecommunications equipment providers. Founded in 1876 and headquartered in Stockholm, the company develops networking infrastructure used by telecom operators worldwide.
The company employs roughly 90,000 people globally and plays a major role in global 5G infrastructure deployment.
Because of its position in the telecommunications ecosystem, security incidents affecting Ericsson or its partners can draw attention from regulators and security experts.
What affected individuals should do
People whose data may have been exposed should take several precautionary steps.
- Enroll in the free identity protection services offered by Ericsson
- Monitor credit reports and financial accounts for suspicious activity
- Place fraud alerts or credit freezes with credit bureaus if necessary
- Be cautious of phishing emails or calls referencing the breach
- Report suspected identity theft immediately
Even if no misuse has been reported so far, security experts recommend continued monitoring because stolen personal data can surface months or years after a breach.
Key facts about the Ericsson data breach
| Detail | Information |
|---|---|
| Company | Ericsson Inc. (U.S. subsidiary of Ericsson) |
| Incident type | Third-party data breach |
| Discovery date | April 28, 2025 |
| Data exposure window | April 17–22, 2025 |
| Affected individuals | 15,661 |
| Types of data exposed | Personal, financial, and medical information |
| Protection offered | IDX identity protection services |
| Enrollment deadline | June 9, 2026 |
FAQ
Regulatory filings state that 15,661 individuals were affected.
No. The breach occurred at a third-party service provider that stored employee and customer data for Ericsson.
The compromised files may contain Social Security numbers, addresses, financial information, government IDs, medical information, and dates of birth.
Ericsson says there is currently no evidence of misuse, but affected individuals should remain vigilant.