Ericsson Discloses Third-Party Data Incident After Vendor System Breach

Key Takeaways

• Vendor System Compromise: Ericsson disclosed a data security incident tied to one of its service providers rather than its own internal systems.
• Access Occurred in April 2025: Investigators determined that a limited number of files may have been accessed without authorization between April 17 and April 22, 2025.
• Investigation Concluded in February 2026: A forensic review completed on February 23, 2026 identified individuals whose personal data may have been included in the affected files.
• No Evidence of Misuse: The service provider reported that it has not identified evidence of the potentially affected data being misused.

Deep Dive

Ericsson has begun notifying individuals that their personal information may have been exposed in a data security incident involving one of the company’s service providers.

According to the notification issued March 9, 2026, the incident did not involve Ericsson’s own systems. Instead, it stemmed from suspicious activity detected within a vendor environment that stores or processes certain data on Ericsson’s behalf.

The vendor discovered the activity on April 28, 2025 and launched an investigation with the help of external cybersecurity specialists. The incident was also reported to the Federal Bureau of Investigation as part of the response.

Investigation Points to Limited File Access

Investigators determined that a limited number of files within the vendor’s systems may have been accessed or taken without authorization during a five-day period between April 17 and April 22, 2025.

To understand what information may have been involved, the service provider retained external data specialists to review the potentially affected files. That review process took several months and concluded on February 23, 2026.

Following the analysis, Ericsson determined that some individuals’ personal information was contained in the files that may have been accessed. The data involved varies by person but could include names along with other personal data elements.

The company said the vendor has not identified evidence that any of the potentially exposed information has been misused since the incident occurred.

Credit Monitoring and Identity Protection Offered

As part of its response, Ericsson is offering affected individuals complimentary identity protection services through identity protection provider IDX.

The services include credit monitoring, dark web monitoring, identity theft recovery support, and identity fraud loss reimbursement coverage of up to $1 million. Individuals who receive notification letters can enroll in the services until June 9, 2026.

Ericsson said the company takes the privacy and security of the information it holds seriously and is sharing details of the incident so that potentially affected individuals can take steps to protect themselves.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.