140/69 Wedesday, March 11, 2026
Ericsson Inc., a subsidiary of the Swedish telecommunications and networking equipment manufacturer, has disclosed a data breach resulting from a cyberattack on a third-party service provider responsible for storing employee and customer information. According to the company, unauthorized actors were able to access certain data between April 17 and April 22, 2025. The incident was discovered on April 28, 2025, after which the company reported the matter to relevant authorities, including the Federal Bureau of Investigation, and engaged external cybersecurity experts to investigate the breach.
The investigation concluded in February 2026 and determined that certain files may have been accessed or exfiltrated without authorization. The potentially exposed information includes names, addresses, Social Security numbers, driver’s license or government-issued identification numbers, financial account or credit/debit card numbers, medical information, and dates of birth. According to filings submitted to state attorneys general, at least 4,377 individuals were affected. However, Ericsson stated that there is currently no evidence indicating that the compromised data has been misused.
To mitigate potential risks, Ericsson has offered affected individuals free identity protection services through IDX. These services include credit monitoring, dark web surveillance, identity theft recovery assistance, and up to $1 million in fraud protection coverage for those who enroll by June 9, 2026. Although the company described the incident as a data theft attack, no cybercriminal group has publicly claimed responsibility for the breach so far.