Ericsson US Data Breach via Service Provider Compromise

First reported

09.03.2026 21:07

Last updated

10.03.2026 17:00

2 unique sources, 2 articles

Summary

Hide ▲

Ericsson Inc., the U.S. subsidiary of Ericsson, disclosed a data breach affecting 15,661 employees and customers. The breach occurred after attackers compromised a service provider storing personal data for Ericsson. The incident was detected on April 28, 2025, with unauthorized access occurring between April 17 and April 22, 2025. The exposed data includes names, addresses, Social Security Numbers, financial information, and medical records. Ericsson is offering free identity protection services to affected individuals. The breach was reported to the FBI, and an investigation was conducted with external cybersecurity experts. No evidence of data misuse has been found, and no cybercrime group has claimed responsibility.

Timeline

09.03.2026 21:07 2 articles · 1d ago

Ericsson US Data Breach via Service Provider Compromise
Ericsson Inc. disclosed a data breach affecting 15,661 employees and customers after a service provider was compromised. The breach was detected on April 28, 2025, with unauthorized access occurring between April 17 and April 22, 2025. The exposed data includes names, addresses, Social Security Numbers, financial information, and medical records. Ericsson is offering free identity protection services to affected individuals.
Show sources

Ericsson US discloses data breach after service provider hack — www.bleepingcomputer.com — 09.03.2026 21:07

Ericsson Breach Exposes Data of 15k Employees and Customers — www.infosecurity-magazine.com — 10.03.2026 17:00
Open in new tab

Information Snippets

The breach was detected on April 28, 2025, with unauthorized access occurring between April 17 and April 22, 2025.
First reported: 09.03.2026 21:07

2 sources, 2 articles
Show sources
- Ericsson US discloses data breach after service provider hack — www.bleepingcomputer.com — 09.03.2026 21:07
- Ericsson Breach Exposes Data of 15k Employees and Customers — www.infosecurity-magazine.com — 10.03.2026 17:00
The compromised data includes names, addresses, Social Security Numbers, Driver’s License numbers, government-issued ID numbers, financial information, medical information, and dates of birth.
First reported: 09.03.2026 21:07

2 sources, 2 articles
Show sources
- Ericsson US discloses data breach after service provider hack — www.bleepingcomputer.com — 09.03.2026 21:07
- Ericsson Breach Exposes Data of 15k Employees and Customers — www.infosecurity-magazine.com — 10.03.2026 17:00
The breach impacted at least 4,377 individuals in Texas alone.
First reported: 09.03.2026 21:07

2 sources, 2 articles
Show sources
- Ericsson US discloses data breach after service provider hack — www.bleepingcomputer.com — 09.03.2026 21:07
- Ericsson Breach Exposes Data of 15k Employees and Customers — www.infosecurity-magazine.com — 10.03.2026 17:00
Ericsson is offering free IDX identity protection services, including credit monitoring, dark web monitoring, identity theft recovery, and a $1 million identity fraud loss reimbursement policy to affected individuals.
First reported: 09.03.2026 21:07

2 sources, 2 articles
Show sources
- Ericsson US discloses data breach after service provider hack — www.bleepingcomputer.com — 09.03.2026 21:07
- Ericsson Breach Exposes Data of 15k Employees and Customers — www.infosecurity-magazine.com — 10.03.2026 17:00
No cybercrime group has taken responsibility for the breach.
First reported: 09.03.2026 21:07

2 sources, 2 articles
Show sources
- Ericsson US discloses data breach after service provider hack — www.bleepingcomputer.com — 09.03.2026 21:07
- Ericsson Breach Exposes Data of 15k Employees and Customers — www.infosecurity-magazine.com — 10.03.2026 17:00
The breach affected 15,661 Ericsson Inc. employees and customers.
First reported: 10.03.2026 17:00

1 source, 1 article
Show sources
- Ericsson Breach Exposes Data of 15k Employees and Customers — www.infosecurity-magazine.com — 10.03.2026 17:00
The breach involved unauthorized access to files containing personal information, including names, addresses, Social Security Numbers, Driver’s License numbers, government-issued ID numbers, financial information, medical information, and dates of birth.
First reported: 10.03.2026 17:00

1 source, 1 article
Show sources
- Ericsson Breach Exposes Data of 15k Employees and Customers — www.infosecurity-magazine.com — 10.03.2026 17:00

Similar Happenings

ManoMano Data Breach Affects 38 Million Customers via Third-Party Service Provider

ManoMano, a European DIY e-commerce platform, disclosed a data breach impacting 38 million customers. The breach occurred in January 2026 due to unauthorized access to a third-party customer service provider. Exposed data includes full names, email addresses, phone numbers, and customer service communications. The stolen data includes information associated with 37.8 million ManoMano user accounts, over 900,000 service tickets, and over 13,000 attachments, pertaining to users across France, Germany, Italy, Spain, and the United Kingdom. No account passwords were compromised. The company has taken steps to secure its environment and notified relevant authorities and affected customers. The breach was claimed by an individual using the alias 'Indra' on a hacker forum, alleging the theft of 37.8 million user accounts and thousands of support tickets. The compromised service provider is reportedly a Tunis-based customer support firm that suffered a Zendesk breach.

Open in new tab

Discord User Data Compromised in Third-Party Breach

Hackers claim to have stolen data from 5.5 million unique Discord users after compromising a third-party customer service provider. The attack occurred on September 20, 2025, affecting users who interacted with Discord’s customer support and/or Trust and Safety teams. The breach appears to be financially motivated, with hackers demanding a ransom. The Scattered Lapsus$ Hunters (SLH) threat group claimed responsibility for the attack, stating they breached a Zendesk instance used by Discord for customer support. The compromised data includes real names, usernames, email addresses, contact details, IP addresses, messages, attachments, photos of government-issued identification documents, partial billing information, and purchase history. Discord took immediate action to isolate the support provider from its ticketing system and launched an investigation with the help of a forensics firm and law enforcement. The hackers also accessed corporate data, including training materials and internal presentations. Discord has notified law enforcement and relevant data protection authorities about the incident. No full credit card numbers, CVV codes, passwords, or authentication data were compromised. Additionally, no messages or activity on Discord outside of communication with customer support were obtained by the attackers.

Open in new tab

Harrods Data Breach via Third-Party Provider

Harrods, a luxury British department store, disclosed a new data breach affecting 430,000 online customers. The breach involved the compromise of a third-party provider's system, leading to the exposure of names, contact details, and internal marketing tags and labels. The incident was isolated and contained, and no account passwords, payment details, or order histories were compromised. The breach is not connected to a previous incident in May, where unauthorized access attempts were detected. Four individuals were arrested in July for suspected involvement in cyberattacks against Harrods and other major British retailers. This breach is part of a series of recent cyberattacks targeting high-profile British businesses, including Jaguar Land Rover and Kido nursery chain.

Open in new tab

Chess.com suffers data breach via third-party file transfer app

Chess.com experienced a data breach in June 2025, where unauthorized actors accessed a third-party file transfer app used by the platform. The breach occurred between June 5 and June 18, affecting approximately 4,500 users out of the platform's 100 million user base. The compromised data includes names and other personally identifiable information (PII). Chess.com discovered the breach on June 19 and has since taken measures to secure its systems and notify law enforcement. The platform is offering impacted users free identity theft and credit monitoring services. This is the second cyber incident for Chess.com in recent years, following a 2023 data breach where over 800,000 user records were scraped and posted online.

Open in new tab

TransUnion Data Breach Affects Over 4 Million Customers

TransUnion, a major credit reporting agency, confirmed a data breach that compromised the personal information of over 4 million customers. The breach occurred on July 28, 2025, and was discovered two days later. An unauthorized actor accessed personal data through a third-party application used by TransUnion's US customer support operations. The compromised information was limited to specific data elements and did not include credit reports or core credit information. TransUnion is offering impacted customers two years of free credit monitoring services. The identity of the threat actor remains unknown, and there is no confirmed correlation with other recent security incidents.

Open in new tab