A data breach at Ericsson US has exposed the personal information of employees and customers after a third-party service provider was compromised by attackers. The breach was discovered on April 28, 2025, when the service provider detected a suspicious event that may have involved unauthorized access to their system1. An investigation was promptly launched with the assistance of external cybersecurity experts. The incident highlights the risks associated with third-party providers and the importance of robust security controls to prevent such breaches. The compromised data includes sensitive information of an unspecified number of employees and customers, posing a significant risk to their privacy and security. This breach matters to practitioners as it underscores the need for rigorous vendor risk management and continuous monitoring of third-party providers to prevent similar incidents.
Ericsson US confirms breach after third-party provider attack
⚡ High Priority
Why This Matters
“On April 28, 2025, our service provider became aware of a suspicious event that may have involved potential unauthorized access to certain data on their system.
References
- SecurityAffairs. (2026, March 10). Ericsson US confirms breach after third-party provider attack. SecurityAffairs. https://securityaffairs.com/189197/data-breach/ericsson-us-confirms-breach-after-third-party-provider-attack.html
Original Source
SecurityAffairs
Read original →