Last updated 3 weeks ago
Ericsson, a multinational telecommunications and networking technology company, experienced a data breach publicly disclosed in March 2026. The incident exposed data belonging to approximately 15,000 individuals, comprising both employees and customers.
The breach originated from a compromise of a third-party service provider, representing a supply chain attack vector. The specific exploitation technique used against the provider was not detailed. The attacker successfully exfiltrated employee and customer data, though the precise data types and fields within those categories were not specified in the initial disclosure.
Ericsson has publicly announced the breach and is conducting an investigation. The company is notifying affected individuals and relevant authorities in compliance with data protection regulations.
Compromise of a third-party service provider
This breach at Ericsson highlights the critical risk posed by third-party service providers in the technology and telecommunications sectors. The compromise of a vendor led to the exposure of sensitive employee and customer data for a major corporation, underscoring the failure of supply chain security controls. It demonstrates that robust vendor risk management and continuous monitoring of third-party access are essential, even for large, security-mature organizations.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector