Ericsson Data Breach Exposes Telco Supply Chain Risks

Telco vendors manage enormous volumes of personal and operational data as they support operators and enterprise networks across the world.
That reality came into focus after Ericsson confirmed that a cyber incident at an external service provider exposed personal data linked to its US operations.
The breach affected individuals connected to the company’s activities in the US and stemmed from unauthorised access within a third-party vendor system rather than Ericsson’s internal infrastructure.
The vendor, according to Ericsson, reported a “suspicious event that may have involved unauthorised access to certain data on their system.”
Ericsson stated that some personal information belonging to employees and customers may have been exposed without authorisation. The potentially affected records included names, addresses, social security numbers, driving licence numbers, government-issued identification numbers and financial information.
The files are believed to have been accessed between 17 and 22 April 2025, and the incident was detected on 28 April 2025. The incident prompted an FBI investigation, which closed on 23 February 2026, and US regulators were notified.
During the process, investigators confirmed that files containing customer information formed part of the exposed dataset.
After the investigation closed, Ericsson “implemented measures to enhance security and minimise the risk of a similar incident occurring in the future.”
Vendor systems exposed telco data
Regulatory filings indicated that more than 15,000 individuals were affected by the breach.
James Neilson, SVP of Global at OPSWAT, says: “Telecom companies such as Ericsson transmit and store vast amounts of sensitive data, making them an attractive target for cybercriminals looking to make a quick profit.
“Although the data stolen in this breach has not yet been misused, it will inevitably raise concerns around medical and financial identity theft and fraud.”
Complexity in telco supply chains
The telco sector depends on an extended network of technology vendors and cloud providers. This interconnected structure supports global communications networks but also introduces security challenges.
When vendors manage or store information on behalf of telecom firms, they become part of the operational supply chain. Any weakness inside that chain can expose data linked to network users or staff.
James continues: “Telecom networks are vast and complex, often involving multiple tiers of suppliers. The products and services telecom operators rely on are sourced from across the globe, creating a highly-interconnected ecosystem.
“This complexity makes it challenging for security teams to maintain full visibility and effectively detect and respond to cyberattacks.
“Organisations must focus on identifying and mitigating risks to reduce the likelihood and impact of service disruptions and data breaches. This means detecting and neutralising hidden threats by managing data flows and inspecting files in transit across devices, users and the broader digital supply chain.”
Customer protection and response
Following the attack, Ericsson has offered a set of support measures for individuals whose information may be affected.
This includes identity protection services through IDX, months of credit monitoring, dark web monitoring and an identity fraud loss reimbursement policy of up to US$1m.
In addition, Ericsson is providing fully managed identity theft recovery services intended to support affected individuals if fraudulent activity emerges.
The third-party service provider involved has strengthened its security controls after identifying the incident, while Ericsson continues to monitor the situation and maintains communication with regulators.
The case shows how cyber incidents linked to suppliers can affect telco organisations even when their internal systems remain uncompromised.


