"Ericsson said the breach occurred at a third-party service provider that detected unauthorized access to data on its systems in April 2025. The unnamed service provider conducted an investigation and determined that files storing personal information may have been accessed between April 17 and 22, 2025."
"In a notice with the Maine Attorney General's Office, Ericsson said the data breach impacts roughly 15,000 individuals. 'Please note that our service provider has represented to us that they have no evidence of the misuse of any potentially impacted information since the time of the incident,' Ericsson said."
"However, 'no evidence of misuse' is a standard disclaimer frequently issued by breached organizations, even in cases where stolen data is confirmed to have been publicly leaked. Ericsson said it shares both employee and customer data with third-party service providers, but it has not specified which category is affected by this incident."
Ericsson's US subsidiary disclosed a data breach involving a third-party service provider that detected unauthorized access to systems in April 2025. The breach affected files containing personal information accessed between April 17 and 22, 2025, impacting approximately 15,000 individuals. The investigation was not completed until February 2026, nearly ten months after the incident. Ericsson stated the service provider found no evidence of misuse of the potentially compromised information. However, the company did not specify whether employee or customer data was affected, as it shares both categories with third-party service providers.
#data-breach #third-party-service-provider #personal-information-security #telecommunications #incident-response
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]