A vishing (voice phishing) attack on an unnamed third-party vendor supporting Ericsson's US operations exposed personal and financial data of 15,661 individuals. Attackers socially engineered a vendor employee over the phone in April 2025, gaining access to records between April 17–22. Ericsson wasn't notified until November 2025, with the full scope of affected individuals confirmed in February 2026. Compromised data may include names, Social Security numbers, driver's license numbers, passport details, bank account or payment card numbers, and medical information. Affected individuals are being offered 12 months of credit monitoring, and the vendor has since added new safeguards and staff training.
Sort: