The US subsidiary of Ericsson has confirmed that it suffered a data leak after an external supplier, responsible for storing personal information from employees and customers, detected unauthorized access to its systems. The incident was detected in late April 2025 and the subsequent internal and forensic investigation concluded in February 2026, when the company began to notify the people likely to be affected.
The first thing that draws attention is the chain of responsibility: it was not a direct failure in Ericsson's offices, but in one of its suppliers. This highlights a recurring problem in cybersecurity: large companies depend on third parties, and this extends the attack surface. Ericsson, founded in Stockholm in 1876 and with a massive global presence, delegated data storage to a partner that ended up being the weak link.

According to the notification to the California Attorney General, the supplier discovered the intrusion on April 28, 2025 and, after detection, reported the facts to the FBI and hired external cybersecurity experts to assess the extent of the exposure. The complete review of potentially compromised files was concluded on 23 February 2026, the date from which Ericsson began to inform the affected persons. The report registered with the California Attorney General's Office is available at this official link.
State reports indicate that in Texas alone, more than 4,300 residents were reported as affected, and that the exposed data included extremely sensitive information: names, addresses, Social Security and driver's license numbers, official identity documents, financial data and medical records. This information not only allows for immediate financial fraud, but also facilitates long-term identity theft, the opening of accounts on behalf of the victims, or access to fraudulent medical and government services. For more context on US state obligations and records on leaks, the Texas Attorney General's page offers resources on breach notifications: Texas Attorney General's data breach portal.
Ericsson has offered free identity protection services to those who register before 9 June 2026, through the provider IDX. The services include credit monitoring, dark web monitoring, recovery assistance for identity theft and a loss reimbursement policy of up to $1 million for covered cases. If you want to verify the provider or enroll, its official page is IDX.
There are two open issues of concern to experts and those affected. The first is the actual number of people affected: beyond the state notifications, Ericsson and its American subsidiary have not published a global, disaggregated figure. The second is the origin of the leak: although the company describes it as a data theft, no cybercriminal group has claimed the action. This may mean several things: that the attackers have demanded and obtained a ransom without advertising it, that the supplier has quietly negotiated with the extortionists, or that the malicious actors have not immediately linked the stolen files with Ericsson. In any case, the absence of a public claim complicates traceability and future risk assessment.
The situation is not isolated: in recent years we have seen suppliers and supply chains manage critical data from multiple customers and, when they fail, drag large companies into reputational and regulatory incidents. In addition to the immediate response (reporting, investigating and providing protection services), organisations must review contracts, access controls, encryption at rest and in transit, and continuous audits of their partners. Regulatory pressure is also increasing; it is therefore important for companies to maintain transparency and clear communication with the people affected and the authorities.

If you think you might be affected by this breach or any other, there are concrete and free steps that should be taken now. Requesting a credit report, placing a credit alert or freeze, changing passwords and activating multifactor authentication on important accounts, and watching for suspicious mail and calls are basic but effective measures. In the United States, victims of identity theft can find step-by-step guides at IdentityTheft.gov, and for broader questions about online security, you can consult the FBI's cybersecurity resources or the FTC.
The lesson for companies and users is clear: personal data are an asset that requires defence in depth, including both technical and contractual controls and third-party audits. For individuals, the best antidote to prolonged damage is the constant monitoring of their financial identity and the adoption of basic digital security practices. The breach that affected the American subsidiary of Ericsson is a reminder that, in the connected era, the security of one depends on the security of many.
For more information about Ericsson and its corporate communications, its official website is ericsson.com. For journalistic and technical follow-up of the incident, media outlets specialized in computer security often provide updates; for example, publications such as BleepingComputer cover such events in detail.