Ericsson Inc., the United States subsidiary of Swedish telecommunications company Ericsson, has disclosed a data breach after attackers compromised one of its external service providers that stored personal information for employees and customers.
The company said in breach notification letters filed with the California Attorney General that the incident was discovered on April 28, 2025. The affected service provider had identified unauthorized access within its systems and launched an investigation into the incident.
According to Ericsson, the service provider determined that a limited set of files may have been accessed or acquired without authorization between April 17 and April 22, 2025. The provider reported the incident to the Federal Bureau of Investigation and hired external cybersecurity specialists to investigate the scope and impact of the breach.
The investigation was completed in February 2026. During the review process, data specialists examined the potentially affected files and confirmed that some of them contained personal information belonging to individuals connected to Ericsson.
The exposed information may include names, home addresses, Social Security numbers, driver’s license numbers, and other government-issued identification numbers. The review also found that financial data such as bank account numbers and credit or debit card numbers may have been present in the affected files. Some records may also have contained dates of birth and medical information.
Ericsson did not disclose the total number of affected individuals. However, a filing with the Texas Attorney General stated that 4,377 people in Texas were impacted by the breach. The overall number of individuals affected across other states has not been publicly reported.
The company said the service provider has not identified evidence that the exposed data has been misused since the breach occurred. Ericsson also stated that the incident involved unauthorized access to files rather than confirmed misuse of personal information.
As part of its response, Ericsson is offering affected individuals identity protection services through IDX. The services include credit monitoring, identity theft recovery assistance, and dark web monitoring. The program also includes identity fraud insurance with reimbursement coverage of up to $1 million for qualifying losses.
The identity protection services are available to affected individuals who enroll before June 9, 2026.
No cybercrime group has claimed responsibility for the attack. Ericsson said it has no additional details to share beyond the information included in the notification letters.