Ericsson Inc.: Ericsson Inc Data Breach Affects Over 4k: PHI and PII Exposed

Ericsson U.S. Subsidiary Suffers Data Breach Affecting Thousands in Texas

Ericsson Inc., the U.S. arm of Swedish telecommunications firm Ericsson, confirmed a data breach stemming from a third-party service provider, exposing sensitive information of at least 4,377 individuals in Texas with the total number of affected users likely higher nationwide.

The breach was detected on April 28, 2025, following unauthorized access to the service provider’s systems between April 17 and April 22, 2025. A forensic investigation, conducted with external cybersecurity experts, concluded on February 23, 2026, revealing that compromised files contained a broad range of personal and financial data. Exposed information included names, addresses, Social Security numbers, driver’s license and passport details, credit card and bank account numbers, medical records, and dates of birth.

Ericsson notified the Texas and California Attorneys General of the incident beginning March 9, 2026. In response, the company is offering affected individuals complimentary identity protection services through IDX, including 12 or 24 months of credit and dark web monitoring, a $1 million identity fraud reimbursement policy, and managed identity recovery support. The enrollment deadline for these services is June 9, 2026.

The breach underscores the risks of third-party vulnerabilities in handling sensitive data, particularly in sectors reliant on external service providers. Ericsson has directed impacted individuals to monitor financial accounts and consider fraud alerts or credit freezes, though no further details on the root cause or the service provider’s identity have been disclosed.

Source: https://www.claimdepot.com/data-breach/ericsson-2026

Ericsson cybersecurity rating report: https://www.rankiteo.com/company/ericsson

"id": "ERI1773081773",
"linkid": "ericsson",
"type": "Breach",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '4377 (Texas), likely higher '
                                              'nationwide',
                        'industry': 'Telecommunications',
                        'location': 'U.S.',
                        'name': 'Ericsson Inc.',
                        'type': 'Subsidiary'}],
 'attack_vector': 'Third-party service provider compromise',
 'customer_advisories': 'Offered complimentary identity protection services '
                        'through IDX (12 or 24 months of credit and dark web '
                        'monitoring, $1 million identity fraud reimbursement '
                        'policy, and managed identity recovery support). '
                        'Enrollment deadline: 2026-06-09.',
 'data_breach': {'number_of_records_exposed': '4377 (Texas), likely higher '
                                              'nationwide',
                 'personally_identifiable_information': ['Names',
                                                         'Addresses',
                                                         'Social Security '
                                                         'numbers',
                                                         'Driver’s license '
                                                         'details',
                                                         'Passport details',
                                                         'Dates of birth'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal data',
                                              'Financial data',
                                              'Medical records']},
 'date_detected': '2025-04-28',
 'date_publicly_disclosed': '2026-03-09',
 'description': 'Ericsson Inc., the U.S. arm of Swedish telecommunications '
                'firm Ericsson, confirmed a data breach stemming from a '
                'third-party service provider, exposing sensitive information '
                'of at least 4,377 individuals in Texas with the total number '
                'of affected users likely higher nationwide.',
 'impact': {'brand_reputation_impact': 'Yes',
            'data_compromised': 'Sensitive personal and financial data',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'investigation_status': 'Concluded (forensic investigation completed on '
                         '2026-02-23)',
 'lessons_learned': 'Risks of third-party vulnerabilities in handling '
                    'sensitive data, particularly in sectors reliant on '
                    'external service providers.',
 'post_incident_analysis': {'root_causes': 'Third-party service provider '
                                           'compromise'},
 'recommendations': 'Monitor financial accounts, consider fraud alerts or '
                    'credit freezes, and enroll in identity protection '
                    'services.',
 'references': [{'source': 'Incident disclosure'}],
 'regulatory_compliance': {'regulatory_notifications': ['Texas Attorney '
                                                        'General',
                                                        'California Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Notified Texas and California '
                                        'Attorneys General; offered identity '
                                        'protection services',
              'third_party_assistance': 'External cybersecurity experts'},
 'title': 'Ericsson U.S. Subsidiary Suffers Data Breach Affecting Thousands in '
          'Texas',
 'type': 'Data Breach'}