Ericsson Data Breach: 15,000+ Employee and Customer Records Exposed

A significant data breach has impacted the US subsidiary of telecommunications giant Ericsson. The incident, stemming from a compromised third-party service provider, exposed the personal information of 15,661 employees and customers. This serves as a stark reminder of the risks that lurk within complex supply chains, even for industry leaders.

How the Ericsson Breach Unfolded

The breach didn’t originate within Ericsson’s own digital walls. Instead, attackers targeted a vendor responsible for storing sensitive data on the company’s behalf. The service provider first detected suspicious activity on its systems on April 28, 2025. A subsequent investigation traced the unauthorized access back to a window between April 17 and April 22 of that year.

Ericsson Inc. quickly engaged external cybersecurity experts and alerted the FBI. A meticulous review of the potentially affected files was completed months later, on February 23, confirming the exposure of personal data. The company has chosen not to publicly name the third-party provider at the center of the incident.

What Personal Information Was Compromised?

The scope of the data involved is extensive and deeply personal. For the thousands of affected individuals, the exposed information creates a substantial risk of identity theft and fraud. The compromised files contained a range of sensitive identifiers.

Types of Data Exposed

Names and home addresses were part of the haul, providing a basic profile for each victim. Far more concerning is the exposure of key government-issued identification numbers, including Social Security Numbers and driver’s license details.

The breach also reached into financial and medical privacy. Bank account or payment card numbers were accessible, alongside medical information and dates of birth. This combination of data points is a goldmine for cybercriminals looking to commit synthetic identity fraud.

Response and Protection for Victims

In filings with state authorities, including the Texas Attorney General, Ericsson stated that investigators have found no evidence the stolen data has been misused. The notification to over 4,300 Texas residents is part of a broader effort to inform all impacted parties.

Who is behind the attack? As of now, no cybercrime group has stepped forward to claim responsibility. The silence leaves questions about the attackers’ motives—was this a targeted theft for financial gain, or something else?

To mitigate the potential harm, Ericsson is offering complimentary identity protection services through IDX. Affected individuals who enroll by June 9 will receive credit monitoring, dark web surveillance, and identity theft recovery assistance. The offering includes a significant safety net: a $1 million identity fraud reimbursement policy.

“Please note that our service provider has represented to us that they have no evidence of the misuse of any potentially impacted information since the time of the incident,” Ericsson assured in its notification letter. For the 15,661 people involved, enrolling in those protective services is a crucial next step.