A data breach involving a service provider for Ericsson has exposed personal information belonging to an undisclosed number of employees and customers. The company has notified authorities and affected individuals while offering identity protection services as investigations continue.
Breach Discovered at Third-Party Service Provider
A cybersecurity incident involving a service provider for Ericsson has resulted in the exposure of personal information belonging to employees and customers of the telecommunications company. According to disclosure letters filed with the California Attorney General, the breach was discovered on April 28, 2025, when the external provider responsible for storing certain personal data identified unauthorized access within its systems.
Ericsson stated that the compromised provider was storing personal data on behalf of the company when attackers gained access to a subset of files without authorization. The company said the breach occurred during a window between April 17 and April 22, 2025.
The incident prompted the service provider to notify federal authorities in the United States and engage external cybersecurity specialists to investigate the scope of the intrusion and determine the potential impact of the breach.
Investigation Reveals Exposure of Sensitive Personal Information
According to the company’s disclosures, investigators later determined that files accessed during the breach may have contained personal information belonging to affected individuals. A comprehensive review of the compromised data was conducted by external data specialists and completed on February 23, 2026.
That review confirmed that some of the affected files included personal information such as names, addresses, Social Security numbers, driver’s license numbers, government-issued identification numbers, and dates of birth. Financial information—including bank account numbers and credit or debit card numbers—was also among the categories of data potentially exposed. In some cases, medical information may have been included as well.
A filing with the Texas Attorney General’s office indicated that at least 4,377 individuals in Texas were affected by the breach. The total number of impacted individuals across all jurisdictions has not been publicly disclosed.
Ericsson said that while the data was accessed or acquired without authorization, the compromised service provider has not identified evidence suggesting that the information has been misused since the breach occurred.
Response Measures and Identity Protection Services
Following the discovery of the breach, Ericsson began notifying affected individuals and offering assistance designed to mitigate potential risks related to identity theft. The company is providing complimentary IDX identity protection services to those whose information may have been compromised.
The protection package includes credit monitoring, dark web monitoring, and identity theft recovery services. Individuals who enroll in the program are also eligible for an identity fraud loss reimbursement policy of up to $1 million. Ericsson has set a deadline of June 9, 2026, for affected individuals to enroll in the identity protection program.
Unclear Attribution and Limited Public Disclosure
Although Ericsson has described the incident as a data theft attack, no cybercrime group has publicly claimed responsibility for the breach. The absence of attribution has raised questions about the circumstances surrounding the intrusion.
Security analysts note that in some ransomware-related incidents, attackers publicly disclose stolen data if ransom demands are not met. The lack of such disclosure in this case could indicate that the attackers were unable to verify the source of the data or that negotiations may have taken place privately.
When contacted for additional details, Ericsson declined to provide further information beyond the contents of its notification letters. A spokesperson for the company told the technology publication BleepingComputer that the company had nothing to share beyond the statements already issued.
Ericsson Inc., the United States subsidiary of the Swedish telecommunications company Ericsson, said the breach occurred through the systems of a third-party service provider rather than its own internal infrastructure. Headquartered in Stockholm and founded in 1876, Ericsson operates globally in telecommunications infrastructure and employs nearly 90,000 people worldwide.
