A data breach affecting 15,661 Ericsson Inc. employees and customers has been disclosed after attackers compromised a third-party service provider used by the company.

The incident involved unauthorised access to files containing personal information, according to breach notifications filed with US state authorities.

Ericsson Inc. is the US subsidiary of Swedish telecommunications and networking firm, Telefonaktiebolaget LM Ericsson. The Stockholm-headquartered company employs nearly 90,000 people globally and provides network infrastructure, software and services to telecom operators.

The breach was reportedly detected on April 28, 2025, when the service provider identified suspicious activity on its systems. Investigators later determined that files may have been accessed without permission between April 17 and April 22, 2025.

Investigation and Scope of the Incident

The Ericsson Inc. launched an investigation with the assistance of external cybersecurity specialists and also notified the FBI. A detailed review of potentially affected files was completed on February 23, confirming that personal information belonging to Ericsson employees and customers had been exposed.

"Based on the investigation, our service provider determined that a limited subset of files may have been accessed or acquired without authorization," the company said. "As part of its investigation, it retained external data specialists to conduct a comprehensive review of the [potentially] affected files."

A filing with the Texas Attorney General on March 9 indicated that 4377 state residents were among those impacted. While the total number of affected individuals stands at 15,661, Ericsson noted that investigators have not identified evidence that the stolen information has been misused.

The types of data potentially exposed include:

Names and addresses

Social Security Numbers

Driver's licence or government-issued identification numbers

Financial information, such as bank or card numbers

Medical information and dates of birth

Identity Protection Measures Offered

Ericsson said the breach did not occur within its own systems but at a vendor responsible for storing certain employee and customer data. The company has not disclosed the identity of the service provider involved.

At present, no cybercrime group has publicly claimed responsibility for the data breach.

To assist those affected, Ericsson is offering complimentary identity protection services through IDX. These include credit monitoring, dark web monitoring, identity theft recovery assistance and a $1m identity fraud reimbursement policy for individuals who enrol by June 9.

"Please note that our service provider has represented to us that they have no evidence of the misuse of any potentially impacted information since the time of the incident," the company said in its notification letter.

Image credit: davide bonaldo / Shutterstock.com