ERICSSON US has disclosed a data breach arising from a third-party service provider compromise. The company notes that on 28 April 2025 the service provider became aware of a suspicious event that potentially allowed unauthorized access to certain data, prompting an investigation with external cybersecurity experts and FBI notification.
The investigation found that a limited subset of files may have been accessed between 17 April 2025 and 22 April 2025, with some personal information later identified in the affected files. According to the data breach notification letter shared with the California Attorney General, the service provider completed a comprehensive review of potentially affected files on 23 February 2026 and determined that some personal information was contained within them.
Ericsson has offered affected individuals complimentary identity protection services through IDX, available to those enrolling by 9 June 2026, but notes that no ransomware group claimed responsibility for the breach. The disclosure also states that the FBI was notified and security measures were enhanced to reduce the risk of a similar incident in the future.