What You Need to Know about the Ericsson Data Breach
- Published: Mar 12, 2026
- Last Updated: Mar 12, 2026
Ericsson Inc. is the U.S. subsidiary of Telefonaktiebolaget LM Ericsson, a Swedish multinational telecommunications company founded in 1876. Headquartered in Stockholm, the parent company is a global leader in mobile connectivity hardware, software, and services for telecommunications operators and enterprises. Ericsson specializes in 5G, 6G, Internet of Things, artificial intelligence, and cloud computing, and serves the public safety, utilities, manufacturing, government, and military sectors.
The company employs nearly 90,000 people worldwide. U.S. operations, headquartered in Plano, Texas, employ over 6,200 people across more than 30 locations.
In April 2025, an unnamed third-party service provider for Ericsson fell victim to a voice phishing (vishing) cyberattack, exposing personal information of 15,661 individuals. Attackers used social engineering to trick a single vendor employee into providing access credentials. Once inside, attackers accessed files containing sensitive personal information belonging to Ericsson employees and customers.
Compromised data may include names, addresses, Social Security numbers, driver's license numbers, government-issued ID numbers, financial information (including account and credit card numbers), medical information, and dates of birth. The vendor detected the breach on April 28, 2025, and notified the FBI. However, Ericsson was not informed until November 10, 2025, more than six months later.
The investigation was completed on February 23, 2026. Ericsson began mailing notification letters to all 15,661 affected individuals on March 9, 2026, and filed disclosures with state attorneys general. The company is offering 12 months of complimentary IDX identity protection services.
When Was the Ericsson Data Breach?
According to Ericsson's notifications, unauthorized individuals accessed files between April 17 and 22, 2025. The service provider detected suspicious activity on April 28, 2025, six days after the access window ended. The provider initiated an investigation with external cybersecurity specialists, notified the FBI, and implemented enhanced security measures.
The investigation revealed that attackers used vishing (voice phishing), pretending to be legitimate callers. Vishing attacks typically involve criminals posing as IT staff or help desk personnel to trick employees into revealing access credentials. Security experts note that vishing attacks have exploded in popularity, and security teams are still learning how to prepare staff for this social engineering threat.
Ericsson was notified by the service provider on November 10, 2025, more than six months after the breach was discovered. From November 2025 through February 2026, Ericsson worked to determine whose information was exposed. The data review was completed on February 23, 2026, identifying 15,661 affected individuals. Notification letters were mailed on March 9, 2026, nearly eleven months after the initial breach.
How to Check If Your Data Was Breached
If you are a current or former Ericsson employee, contractor, or customer, your information may have been compromised. Here's how to verify:
- Check your mail for notification letters from Ericsson sent starting March 9, 2026. Letters include breach details, specific data types compromised in your case, and instructions for enrolling in complimentary IDX identity protection services.
- Contact Ericsson directly if you believe you may have been affected but have not received notification.
- Review your credit reports for unfamiliar accounts or inquiries at AnnualCreditReport.com.
- Monitor financial account statements for unauthorized transactions, even small charges.
The breach affected individuals across multiple states: 4,377 in Texas, 239 in Massachusetts, 21 in Maine, and additional individuals in California and other states.
Types of information potentially compromised include:
- Full names and home addresses
- Social Security numbers
- Driver's license numbers
- Government-issued ID numbers, including passport numbers and state ID cards
- Financial information, including account numbers and credit or debit card numbers
- Medical information and protected health information
- Dates of birth
Ericsson noted that the service provider has no evidence of misuse of any potentially impacted information. However, this is a standard disclaimer and provides limited assurance.
What to Do If Your Data Was Breached
If you received a notification letter from Ericsson, take these steps immediately:
- Enroll in Free Identity Protection Services
Ericsson offers complimentary IDX identity protection for 12 months. Enroll by June 9, 2026. Services include credit monitoring across all three bureaus, dark web monitoring, $1 million identity fraud reimbursement, and managed identity theft recovery. Your notification letter includes enrollment instructions.
- Review Financial Accounts and Credit Reports
Check bank accounts and credit cards for unauthorized transactions. Look for unfamiliar charges, withdrawals, new accounts, or information changes. Report suspicious activity immediately. Order free credit reports from all three bureaus at AnnualCreditReport.com and review for unauthorized accounts or inquiries.
- Consider Credit Freeze or Fraud Alert
A credit freeze prevents new creditors from accessing your credit report, blocking identity thieves from opening accounts in your name. Contact Equifax, Experian, and TransUnion. Alternatively, place a fraud alert requiring creditors to verify your identity before opening new accounts.
- Monitor Medical Records and Watch for Phishing
Review medical records and explanation of benefits statements for unfamiliar procedures or prescriptions. File tax returns early and watch for IRS notices about duplicate filings. Be cautious of unexpected emails, calls, or texts claiming to be from Ericsson, financial institutions, or government agencies. Verify legitimacy by contacting organizations directly using independently found contact information.
Are There Any Lawsuits?
As of mid-March 2026, several law firms have announced they are investigating potential class action lawsuits on behalf of individuals affected by the Ericsson data breach:
- ClassAction.org
ClassAction.org announced it is investigating a class action lawsuit on behalf of individuals whose information was exposed. The firm notes that victims may be entitled to compensation for damages, including the cost of credit monitoring services, time spent dealing with the breach, and increased risk of identity theft and fraud.
- Class Action U
Class Action U is investigating potential legal claims, noting that Ericsson may have failed to implement adequate data security measures and took nearly eleven months to notify affected individuals, well beyond the notification deadlines required by many state laws.
- Migliaccio & Rathod LLP
Migliaccio & Rathod LLP is investigating whether Ericsson violated consumer protection laws and failed to properly safeguard customer and employee information. The firm is offering free consultations to affected individuals.
- Strauss Borrelli PLLC
Strauss Borrelli PLLC announced an investigation focusing on whether Ericsson failed to implement reasonable security measures to protect sensitive personal information and whether the company unreasonably delayed in notifying affected individuals.
- Shamis & Gentile P.A.
Shamis & Gentile P.A. is investigating potential claims against Ericsson for negligence in failing to protect personal information and delays in notifying victims.
No formal lawsuits have been filed yet as of mid-March 2026. If you believe you were affected and are interested in learning more about potential legal claims, you can contact investigating law firms for free consultations. There is typically no cost to join class action investigations, and attorneys work on contingency, meaning they only get paid if they successfully recover compensation.
Can My Information Be Used for Identity Theft?
Yes. The combination of data types exposed in this breach creates significant risk for identity theft and fraud:
- Social Security Numbers
SSNs are the key to opening credit accounts, applying for loans, filing fraudulent tax returns, and accessing government benefits. Combined with names and dates of birth, criminals have everything needed to impersonate victims and commit synthetic identity theft.
- Driver's License Numbers and Government IDs
These can be used to create fake identification documents, open bank accounts, rent apartments, apply for jobs, or obtain services in your name. Criminals can use this information to bypass identity verification systems.
- Financial Account Information
Account numbers and credit or debit card numbers can be used for unauthorized purchases, withdrawals, or transfers. Criminals may drain accounts, make large purchases, or sell the information to other criminals on the dark web.
- Medical Information
Medical identity theft allows criminals to obtain medical services, prescription drugs, or medical equipment using your identity and insurance. This can corrupt your medical records with incorrect information about diagnoses, treatments, or prescriptions, potentially leading to dangerous medical errors. It can also result in insurance claim denials and collection notices for services you never received.
- Combined Data Creates Maximum Risk
The most dangerous aspect of this breach is that it exposed multiple types of sensitive information for each victim. When criminals have your name, address, SSN, date of birth, and driver's license number together, they can convincingly impersonate you across numerous contexts.
This comprehensive data package allows criminals to pass security checks that rely on knowledge-based authentication, answer security questions, and defeat identity verification systems.
What Can You Do to Protect Yourself Online?
Beyond the immediate steps you should take in response to this specific breach, here are long-term strategies to protect yourself online:
- Use Strong, Unique Passwords
Create strong passwords (at least 12 characters with uppercase, lowercase, numbers, and symbols) for every account. Never reuse passwords. Use a password manager to generate and store complex passwords securely.
- Enable Multi-Factor Authentication
Enable multi-factor authentication (MFA) on every account that offers it. MFA requires a second form of verification beyond your password, making it much harder for attackers to access accounts even if they have your credentials.
- Be Cautious of Vishing Attacks
This breach occurred through vishing (voice phishing). Be skeptical of unexpected phone calls asking for sensitive information, even if the caller claims to be from IT support, your bank, or a government agency. If someone calls requesting credentials or personal information, hang up and call the organization back using a number you find independently. Never provide passwords, account numbers, or SSNs over the phone unless you initiated the call.
- Monitor Your Accounts Regularly
Check bank accounts, credit cards, and credit reports regularly for suspicious activity. Set up account alerts for large transactions, password changes, or new account openings. Review credit reports from all three bureaus at least annually through AnnualCreditReport.com.
- Limit Information Sharing
Be mindful of what personal information you share online and with companies. The less information available about you, the less data criminals can exploit if a breach occurs. Review privacy settings on social media and limit what you share publicly.
- Secure Your Devices
Keep software and operating systems updated with the latest security patches. Use antivirus software and enable firewalls. Avoid using public Wi-Fi for sensitive transactions, or use a VPN if you must access financial or personal accounts on public networks.
- Understand Third-Party Risks
This breach didn't originate with Ericsson itself but with a third-party vendor. When providing information to any company, understand that your data may be shared with vendors, contractors, and service providers. Unfortunately, you have limited control over these third parties' security practices. This makes it even more important to take proactive steps, such as credit freezes and monitoring, to protect yourself, regardless of how carefully companies and their vendors handle your data.