Fixed Intel
HIGH THREAT ALERT
Aggregated Intel
High
Industry NewsImpact: 65/10

Thousands Affected by Ericsson Data Breach

The telecommunications equipment and services giant has blamed the incident on a third-party vendor.

FIFixed Intel Team||2 min read|8 Views
Thousands Affected by Ericsson Data Breach

AI-Generated Summary

Ericsson's US subsidiary disclosed a data breach originating from a third-party service provider that experienced unauthorized access between April 17-22, 2025, with the investigation concluding in February 2026. Approximately 15,000 individuals had their personal information potentially accessed, though it remains unspecified whether affected data belongs to employees or customers. No evidence of data misuse has been reported, but the extended investigation timeline raises concerns about third-party risk management.

Affected Sectors

TelecommunicationsTechnologyManufacturing

Frameworks

NIST CSFISO27001GDPRNIST SP 800-53SOC 2

Aggregated from SecurityWeek

This article was automatically aggregated from an external source. Content may be summarized.

Read Original

Full Analysis

Ericsson data breach

The US subsidiary of global telecommunications equipment and services giant Ericsson has disclosed a data breach affecting the personal information of thousands of individuals.

Ericsson said the breach occurred at a third-party service provider that detected unauthorized access to data on its systems in April 2025. 

The unnamed service provider conducted an investigation and determined that files storing personal information may have been accessed between April 17 and 22, 2025. 

The investigation into the incident was only completed in February 2026.

In a notice with the Maine Attorney General’s Office, Ericsson said the data breach impacts roughly 15,000 individuals. 

“Please note that our service provider has represented to us that they have no evidence of the misuse of any potentially impacted information since the time of the incident,” Ericsson said.

Advertisement. Scroll to continue reading.

However, “no evidence of misuse” is a standard disclaimer frequently issued by breached organizations, even in cases where stolen data is confirmed to have been publicly leaked.

Ericsson said it shares both employee and customer data with third-party service providers, but it has not specified which category is affected by this incident. 

Related: Hundreds of Salesforce Customers Allegedly Targeted in New Data Theft Campaign

Related: New LexisNexis Data Breach Confirmed After Hackers Leak Files

Related: 1.2 Million Affected by University of Hawaii Cancer Center Data Breach

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure.

Register

Join the event where top security experts unpack the biggest software supply chain risks.

Register

Originally published by SecurityWeek

Original Source

SecurityWeek