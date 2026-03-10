Ericsson US reveals employee and customer data breach after third-party hack
An unnamed threat actor stole data on thousands of people
- Ericsson US confirms third-party data breach
- Sensitive customer data including SSNs and financial info exposed
- Company offers free identity protection services via ID
The US arm of Ericsson has confirmed suffering a third-party data breach which saw it lose sensitive data on an undisclosed number of its customers.
In a data breach notification letter sent out to affected individuals, Ericsson US said it spotted “a suspicious event” and potential unauthorized access to its systems on April 28, 2025.
The company launched an investigation, brought in third-party security experts, notified the FBI, and also implemented “measures to enhance security and minimize the risk of a similar incident occurring in the future,” but it didn’t elaborate what these measures were.Article continues below
Free identity theft protection
The investigation showed that the unidentified actors stole a “limited subset” of customer data, but Ericsson US did not detail their nature, other than saying that it included people’s names.
It filed multiple data breach notifications with different US Attorney General’s Offices, and in its Texas filing, it said that more than 4,000 people were affected, losing names, addresses, SSNs, driver’s license numbers, ID numbers, financial information, medical information, and birth dates.
“Please note that our service provider has represented to us that they have no evidence of the misuse of any potentially impacted information since the time of the incident,” the letter reads.
To mitigate the damages, Ericsson US will be offering free identity theft protection services to affected individuals, through IDX, for at least 12 months. The service includes credit monitoring, dark web monitoring, a $1 million identity fraud loss reimbursement policy, and a fully managed identity theft recovery service.
Users have until June 9, 2026, to enroll.
At press time, no threat actors assumed responsibility for this attack, although given the status Ericsson US enjoys in its industry, it is probably just a matter of time before someone does. Unless, of course, the company paid a ransom demand - which is highly unlikely.
Via BleepingComputer
