"The incident traces back to April 2025, when attackers used a phone call to socially engineer a single employee at an unnamed third-party vendor into handing over account access. Vishing, voice phishing over the phone by pretending to be a legitimate caller, is a growing threat. Usually, attackers pose as IT service staff or another internal department."
"What exactly was exposed depends on which state filing you look at. Maine's attorney general received a disclosure covering names and Social Security numbers. Texas regulators, however, received a broader picture: the 4,377 Texas individuals affected may have had names, addresses, Social Security numbers, driver's licence numbers, government-issued IDs, financial information, medical information, and dates of birth compromised."
"Ericsson says it has not yet seen evidence that the stolen information has been misused. Of course, this is incredibly hard to confirm or deny. In large-scale leaks, it is enticing for attackers to sell the stolen data to another party or use it later for a future compromise."
Attackers used voice phishing to socially engineer an employee at a third-party vendor supporting Ericsson's US operations, gaining unauthorized account access in April 2025. The breach exposed data on 15,661 individuals, with potential compromise of names, Social Security numbers, addresses, driver's license numbers, government-issued IDs, financial information, medical information, and dates of birth. The vendor detected the breach on April 28, 2025, after attackers accessed systems between April 17-22. Response measures included engaging cybersecurity experts, forcing password resets, and notifying the FBI. Ericsson reports no evidence of data misuse, though confirmation remains difficult in large-scale breaches where stolen information may be sold or used for future attacks.
#vishing-attack #social-engineering #data-breach #third-party-vendor-risk #personal-information-exposure
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]