A cybersecurity incident involving a third-party service provider has exposed personal data belonging to more than 15,000 employees and customers linked to Ericsson’s U.S. operations.
Ericsson Inc., the U.S. subsidiary of the Swedish telecommunications and networking company Ericsson, confirmed the breach in data notification letters sent to affected individuals and filed with the California Attorney General.
The parent company, headquartered in Stockholm and founded in 1876, is a major global communications technology provider with nearly 90,000 employees worldwide.
According to the notification, the breach was discovered on April 28, 2025 by a service provider responsible for storing personal data of Ericsson employees and customers.
After detecting the incident, the vendor informed the FBI and engaged external cybersecurity specialists to investigate the breach and assess its impact.
The investigation, which concluded last month, determined that 15,661 individuals had their information exposed. Ericsson noted that the compromised service provider has not found evidence so far that the stolen data has been misused.
“Based on the investigation, our service provider determined that a limited subset of files may have been accessed or acquired without authorization between April 17, 2025 and April 22, 2025,” Ericsson said.
“As part of its investigation, it retained external data specialists to conduct a comprehensive review of the potential affected files to identify any personal information. That review was completed on February 23, 2026 at which time we determined that that some of your personal information was contained within the affected files.”
A separate filing with the Texas Attorney General revealed that the compromised data may include sensitive personal information such as names, addresses, Social Security numbers, driver’s license numbers, government-issued identification numbers including passports and state ID cards, financial information such as account numbers and credit or debit card details, medical information and dates of birth.
To support affected individuals, Ericsson is offering free IDX identity protection services. These services include credit monitoring, dark web monitoring, identity theft recovery assistance and a $1 million identity fraud loss reimbursement policy for those who enroll by June 9, 2026.
Although the company described the incident as a data theft attack, no cybercrime group has claimed responsibility for the breach. This has raised the possibility that the service provider may have paid a ransom or that attackers were unable to publicly link the breach to Ericsson.
When asked for additional details about the incident, including confirmation of the number of affected individuals, a company spokesperson said they did not have “anything to share beyond the letter.”
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
