Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers.
Headquartered in Stockholm in 1876, the parent company is a communications tech leader with nearly 90,000 employees worldwide.
In data breach notification letters sent to affected individuals and filed with the California Attorney General on Monday, Ericsson said that a service provider who was storing personal data for employees and customers discovered a breach on April 28, 2025.
After detecting the incident, the service provider notified the FBI and hired external cybersecurity experts to assess the extent of the breach and its impact.
The investigation, which was completed last month, found that an undisclosed number of individuals had their data exposed in the incident. However, Ericsson noted that the compromised provider has yet to find evidence that the data has been misused since the breach.
“Based on the investigation, our service provider determined that a limited subset of files may have been accessed or acquired without authorization between April 17, 2025 and April 22, 2025,” Ericsson said.
“As part of its investigation, it retained external data specialists to conduct a comprehensive review of the potential affected files to identify any personal information. That review was completed on February 23, 2026 at which time we determined that that some of your personal information was contained within the affected files.”
According to a filing with the Texas Attorney General, the breach impacted 4,377 individuals in Texas alone, while the exposed information includes affected individuals’ names, addresses, Social Security Numbers, Driver’s License numbers, government-issued ID numbers (e.g., passport, state ID cards), financial Information (e.g., account numbers, credit or debit card numbers), medical Information, and dates of birth.
Ericsson is now providing free IDX identity protection services, including credit monitoring, dark web monitoring, identity theft recovery, and a $1 million identity fraud loss reimbursement policy to affected people who enroll by June 9, 2026.
Although the company flagged this incident as a data theft attack, no cybercrime group has taken responsibility for the breach. This raises the possibility that either the service provider paid the ransom demanded by the attackers or that the threat actors were unable to connect the breach to Ericsson.
BleepingComputer reached out to an Ericcson spokesperson for more details on the breach, including the number of affected individuals, but a response to these questions was not immediately available.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.