Ericsson blames vendor vishing slip-up for breach exposing thousands of records
- Reference: 1773144988
- News link: https://www.theregister.co.uk/2026/03/10/ericsson_blames_vendor_vishing_slipup/
The incident, disclosed in filings with US state regulators, traces back to April 2025 when crooks targeted a single employee at an unnamed third-party vendor supporting Ericsson's US operations.
According to the company's disclosure, the service provider discovered the breach on April 28, 2025, after spotting what it describes as a "vishing" incident – essentially social engineering carried out over the phone. The third party later determined that attackers may have accessed data between April 17 and April 22.
Once the alarm was sounded, the vendor says it brought in outside cybersecurity experts, forced password resets, notified the FBI, and launched a probe into what the callers managed to get their hands on.
Ericsson Inc, the US arm of the Swedish networking and telecoms giant, didn't hear about the incident until months later. The service provider notified Ericsson on November 10, 2025, that data associated with the company had been caught up in the breach.
From there came the slower phase of breach response: figuring out exactly whose information might have been exposed and tracking down contact details for those individuals. That process wrapped up on February 23, 2026, and Ericsson confirmed this week that 15,661 individuals were affected.
A [5]filing with Maine's attorney general says that the exposed data may include names and Social Security numbers, but [6]a separate disclosure submitted to regulators in Texas suggests that the haul could be considerably bigger.
According to the Texas filing, 4,377 individuals in that state alone were affected, and the compromised data may include names, addresses, Social Security numbers, driver's license numbers, and other government-issued IDs such as passports or state ID numbers.
In some cases, the exposed records may also include financial information, like bank account or payment card numbers, as well as medical information and dates of birth.
Ericsson says that it has not yet seen evidence that any of the stolen information has been misused, but affected individuals are being offered 12 months of credit monitoring and the usual advice to keep a close eye on bank accounts, credit reports, and anything else that might suddenly start behaving suspiciously.
The vendor involved has also added new safeguards and extra staff training since the breach, according to the disclosure. As this case shows, sometimes the weak point in a network isn't the software – it's whoever answers the phone. ®
[5] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/d920097e-fba8-455c-b632-c7e115e5eb15.html
[6] https://oag.my.site.com/datasecuritybreachreport/apex/DataSecurityReportsPage
Victims of data breaches deserve better
> but affected individuals are being offered 12 months of credit monitoring
12 months of credit monitoring is a giant middle finger to the victims of this negligence.
Want to stop data breaches? Require that negligent parties actually compensate victims, rather than slap them in the face. Then cybersecurity will be taken seriously and funded accordingly.
"A voice-phishing scam"
What was the method? What (if any) procedures were not followed?