A data breach affecting 15,661 Ericsson Inc. employees and customers has been disclosed after attackers compromised a third‑party service provider used by the company. The breach involved unauthorised access to files containing personal information, according to breach notifications filed with US state authorities.
Investigators determined that files may have been accessed without permission between 17 and 22 April 2025, with the incident reportedly detected on 28 April 2025; Ericsson launched an external‑assisted investigation and notified the FBI. A Texas Attorney General filing on 9 March indicated that 4,377 state residents were among those impacted, though Ericsson notes there is no evidence of misuse of the stolen information to date.
The data potentially exposed includes names and addresses, Social Security numbers, government IDs, financial information, and medical information and dates of birth. Ericsson said the breach occurred at a vendor handling certain data and has offered complimentary identity protection services through IDX, including a $1m identity fraud reimbursement policy for those who enrol by 9 June.