The US division of Ericsson, a major global player in telecommunications equipment and services, has revealed a significant data breach compromising the personal data of thousands.
Incident Overview
The breach was traced back to an unnamed third-party service provider, which identified unauthorized access to its systems in April 2025. During an investigation, it was found that personal data might have been accessed between April 17 and April 22, 2025.
Despite the incident occurring almost a year earlier, the investigation was not concluded until February 2026. This delay highlights the complexities often involved in such cybersecurity investigations.
Impact and Response
As reported to the Maine Attorney General’s Office, approximately 15,000 people have been impacted by this breach. Ericsson stated that the service provider has found no evidence of any misuse of the potentially compromised data since the breach.
While Ericsson reassures the public with this statement, it is a common disclaimer used by companies even when leaked data has surfaced publicly.
Data Sharing Practices
Ericsson has yet to clarify whether the breach affected employee or customer data, as the company has partnerships with various third-party providers for sharing sensitive information.
This incident underlines the risks associated with outsourcing data management and highlights the need for stringent cybersecurity measures.
Related incidents include breaches at Salesforce and LexisNexis, emphasizing a broader trend of data vulnerabilities across multiple sectors.
As data breaches continue to be a key concern, organizations must prioritize cybersecurity to protect sensitive information and maintain public trust.
