A voice-phishing scam targeting one of Ericsson's service providers has exposed the personal data of more than 15,000 individuals after attackers sweet-talked an employee into handing over access.
The incident, disclosed in filings with US state regulators, traces back to April 2025 when crooks targeted a single employee at an unnamed third-party vendor supporting Ericsson's US operations.
According to the company's disclosure, the service provider discovered the breach on April 28, 2025, after spotting what it describes as a "vishing" incident – essentially social engineering carried out over the phone. The third party later determined that attackers may have accessed data between April 17 and April 22.
Once the alarm was sounded, the vendor says it brought in outside cybersecurity experts, forced password resets, notified the FBI, and launched a probe into what the callers managed to get their hands on.
Ericsson Inc, the US arm of the Swedish networking and telecoms giant, didn't hear about the incident until months later. The service provider notified Ericsson on November 10, 2025, that data associated with the company had been caught up in the breach.
From there came the slower phase of breach response: figuring out exactly whose information might have been exposed and tracking down contact details for those individuals. That process wrapped up on February 23, 2026, and Ericsson confirmed this week that 15,661 individuals were affected.
A filing with Maine's attorney general says that the exposed data may include names and Social Security numbers, but a separate disclosure submitted to regulators in Texas suggests that the haul could be considerably bigger.
According to the Texas filing, 4,377 individuals in that state alone were affected, and the compromised data may include names, addresses, Social Security numbers, driver's license numbers, and other government-issued IDs such as passports or state ID numbers.
In some cases, the exposed records may also include financial information, like bank account or payment card numbers, as well as medical information and dates of birth.
Ericsson says that it has not yet seen evidence that any of the stolen information has been misused, but affected individuals are being offered 12 months of credit monitoring and the usual advice to keep a close eye on bank accounts, credit reports, and anything else that might suddenly start behaving suspiciously.
The vendor involved has also added new safeguards and extra staff training since the breach, according to the disclosure. As this case shows, sometimes the weak point in a network isn't the software – it's whoever answers the phone. ®
Source: The Register