Ericsson: Ericsson breach blamed on third party vendor vishing attack

Ericsson Data Breach Exposes Personal Information of Over 15,000 Individuals in Vishing Attack

In April 2025, a voice-phishing (vishing) scam targeted an unnamed third-party vendor supporting Ericsson’s U.S. operations, leading to the exposure of sensitive personal data belonging to 15,661 individuals. Attackers successfully manipulated an employee into granting unauthorized access between April 17 and April 22, with the breach detected on April 28.

The vendor responded by engaging cybersecurity experts, resetting passwords, and notifying the FBI. However, Ericsson itself was only informed of the incident on November 10, 2025, after the vendor completed its internal investigation. The company then spent months identifying affected individuals, finalizing the list by February 23, 2026.

Exposed data varied by state but included names, Social Security numbers, driver’s license details, government-issued IDs, financial information (such as bank account and payment card numbers), medical records, and dates of birth. While no misuse of the stolen data has been confirmed, Ericsson is offering affected individuals 12 months of credit monitoring.

The vendor has since implemented additional security measures and staff training to prevent future incidents. The breach underscores the risks of social engineering attacks, where human error, not technical vulnerabilities, can serve as the primary entry point for cybercriminals.

Source: https://www.theregister.com/2026/03/10/ericsson_blames_vendor_vishing_slipup/

Ericsson cybersecurity rating report: https://www.rankiteo.com/company/ericsson

"id": "ERI1773145444",
"linkid": "ericsson",
"type": "Breach",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '15,661',
                        'industry': 'Telecommunications',
                        'location': 'United States',
                        'name': 'Ericsson',
                        'type': 'Corporation'}],
 'attack_vector': 'Vishing (Voice Phishing)',
 'customer_advisories': '12 months of credit monitoring offered to affected '
                        'individuals',
 'data_breach': {'number_of_records_exposed': '15,661',
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'Numbers',
                                                         'Driver’s License '
                                                         'Details',
                                                         'Government-Issued '
                                                         'IDs',
                                                         'Dates of Birth'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Information',
                                              'Medical Records']},
 'date_detected': '2025-04-28',
 'description': 'In April 2025, a voice-phishing (vishing) scam targeted an '
                'unnamed third-party vendor supporting Ericsson’s U.S. '
                'operations, leading to the exposure of sensitive personal '
                'data belonging to 15,661 individuals. Attackers manipulated '
                'an employee into granting unauthorized access between April '
                '17 and April 22, with the breach detected on April 28. '
                'Ericsson was informed on November 10, 2025, after the vendor '
                'completed its internal investigation. Exposed data included '
                'names, Social Security numbers, driver’s license details, '
                'government-issued IDs, financial information, medical '
                'records, and dates of birth. No misuse of the stolen data has '
                'been confirmed, but Ericsson is offering affected individuals '
                '12 months of credit monitoring.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage',
            'data_compromised': 'Sensitive personal and financial information',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'initial_access_broker': {'entry_point': 'Third-party vendor employee'},
 'investigation_status': 'Completed',
 'lessons_learned': 'The breach underscores the risks of social engineering '
                    'attacks, where human error—not technical '
                    'vulnerabilities—can serve as the primary entry point for '
                    'cybercriminals.',
 'post_incident_analysis': {'corrective_actions': 'Additional security '
                                                  'measures and staff training',
                            'root_causes': 'Human error (social engineering '
                                           'via vishing)'},
 'recommendations': 'Implement additional security measures and staff training '
                    'to prevent future incidents.',
 'response': {'communication_strategy': 'Notification to affected individuals, '
                                        'credit monitoring offered',
              'containment_measures': 'Password resets',
              'law_enforcement_notified': 'FBI notified',
              'remediation_measures': 'Additional security measures and staff '
                                      'training',
              'third_party_assistance': 'Cybersecurity experts engaged'},
 'title': 'Ericsson Data Breach Exposes Personal Information of Over 15,000 '
          'Individuals in Vishing Attack',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Human error (social engineering)'}