Ericsson U.S. Discloses Data Breach After Third-Party Provider Hack Exposes Employee and Customer Data

By Ash K
Ericsson U.S. Discloses Data Breach After Third-Party Provider Hack Exposes Employee and Customer Data

Ericsson’s U.S. division has confirmed a data breach after attackers compromised a third-party service provider that stored certain company data. According to a breach notification submitted to regulators, the incident may have exposed personal information belonging to employees and customers.

Ericsson Inc., the American arm of the Swedish telecommunications giant, stated that the security incident was detected by the external service provider, which immediately launched an investigation and notified federal authorities.

Attack Originated at a Service Provider

The breach did not occur directly within Ericsson’s internal systems. Instead, the company reported that one of its service providers experienced suspicious activity involving potential unauthorized access to files stored on its infrastructure.

The provider discovered the incident on April 28, 2025 and initiated a forensic investigation with the assistance of external cybersecurity specialists. The Federal Bureau of Investigation was also notified as part of the response process.

Investigators determined that the unauthorized access likely occurred between April 17 and April 22, 2025, during which attackers may have accessed or acquired a subset of stored files.

Employee and Customer Information Potentially Exposed

Following the discovery of the breach, data specialists conducted a comprehensive review of the affected files to determine whether sensitive information was involved. That analysis was completed on February 23, 2026.

The review confirmed that some personal information associated with Ericsson employees and customers was contained within the compromised data set. The company has not publicly disclosed the exact number of individuals affected by the incident.

At this time, Ericsson says there is no evidence that the exposed information has been misused.

Telecom Infrastructure Giant

Ericsson is a global telecommunications and networking company headquartered in Sweden. The company provides infrastructure, software, and services used by telecom operators worldwide to support mobile and fixed networks, including 5G connectivity, cloud platforms, and Internet of Things technologies.

Because of its role in supporting critical communications infrastructure, incidents involving Ericsson systems or partners often attract close scrutiny from regulators and cybersecurity analysts.

Support Offered to Affected Individuals

To assist individuals potentially affected by the breach, Ericsson is offering complimentary identity protection services through IDX. These services include credit monitoring, dark web monitoring, identity theft recovery assistance, and up to one million dollars in identity fraud loss reimbursement coverage.

Eligible individuals can enroll in the program through June 9, 2026.

No Ransomware Group Claims Responsibility

As of now, no ransomware group or cybercriminal organization has claimed responsibility for the incident. Investigators continue to analyze the breach while the service provider involved has implemented additional security controls aimed at preventing similar incidents in the future.

The incident highlights the growing risks associated with third-party service providers, which often handle sensitive data on behalf of large enterprises and can become indirect entry points for cyberattacks.

Ash K
Ash K
Ashton is a seasoned Cybersecurity Professional with over 25 years of experience in Cybersecurity Research, Cybersecurity Incident response, Products and Security Solutions architecture.