Ericsson Data Breach Exposes Third-Party Service Risks

Another high profile data breach has occurred – and the early signs are that third-party service providers are to blame.

Telecommunications giant Ericsson has fallen victim to a breach affecting individuals linked to its US operations following a cyber incident at one of its external service providers. 

The company confirmed that certain personal data belonging to employees and customers may have been accessed without authorisation, which could include: names, addresses, social security numbers, driver’s licence numbers, government-issued ID numbers and even financial information. 

The incident, which was detected on 28 April 2025, did not involve Ericsson’s internal systems but rather a vendor which, according to Ericsson, noticed a “suspicious event that may have involved potential unauthorised access to certain data on their system”.

An investigation was promptly initiated and US regulators were notified, after which it “implemented measures to enhance security and minimise the risk of a similar incident occurring in the future”.

Personal data potentially exposed

According to disclosures filed with US authorities, the investigation determined that an unauthorised party may have accessed a limited number of files between 17-22 April 2025.

The investigation, which concluded on 23 February 2026, revealed the personal information of customers was among the affected files. The company notes: "Our service provider has represented to us that they have no evidence of the misuse of any potentially impacted information since the time of the incident."

Regulatory filings indicate that more than 15,000 individuals were impacted by the breach.

James Neilson, SVP of Global at OPSWAT, comments: "Telecom companies such as Ericsson transmit and store vast amounts of sensitive data, making them an attractive target for cybercriminals looking to make a quick profit.

“Although the data stolen in this breach has not yet been misused, it will inevitably raise concerns around medical and financial identity theft and fraud.”

Response measures

Ericsson has offered complimentary protection measures to those affected by the breach. 

This includes identity protection services through IDX, months of credit monitoring, dark web monitoring and US$1m worth identity fraud loss reimbursement policy.

Ericsson will also provide fully-managed identity theft recovery services to the individuals affected, which are designed to help detect potential fraud or identity theft linked to the incident.

“Telecom networks are vast and complex, often involving multiple tiers of suppliers," notes James. "The products and services telecom operators rely on are sourced from across the globe, creating a highly-interconnected ecosystem.

“This complexity makes it challenging for security teams to maintain full visibility and effectively detect and respond to cyber attacks.

“Organisations must focus on identifying and mitigating risks to reduce the likelihood and impact of service disruptions and data breaches.

“This means detecting and neutralising hidden threats by managing data flows and inspecting files in transit across devices, users and the broader digital supply chain.”

The company has emphasised that the incident originated outside its own infrastructure. In response, the service provider involved has strengthened its security controls, while Ericsson continues to monitor the situation.

The breach highlights growing cybersecurity risks associated with third-party vendors and supply chains. Even large technology firms that maintain strong internal defences can face exposure when external partners handling sensitive data are compromised.