Overview
- Filings say an employee at an unnamed service provider was duped by phone in April 2025, with potential unauthorized access occurring between April 17 and April 22 and discovery on April 28.
- The vendor notified the FBI and brought in external cybersecurity specialists as Ericsson later learned of the incident and began sending regulatory notifications after a February 23, 2026 file review concluded personal data was involved.
- Ericsson reported to Maine regulators that 15,661 individuals were affected, while a Texas filing lists 4,377 residents in that state alone.
- The exposed data may include names, addresses, Social Security numbers, driver’s license and other government ID numbers, with some records also containing financial and medical information and dates of birth.
- Ericsson says it has not seen evidence of misuse and is offering complimentary IDX identity protection services through June 9, 2026 enrollment, as the vendor implements added safeguards and training.