"The incident, disclosed in filings with US state regulators, traces back to April 2025 when crooks targeted a single employee at an unnamed third-party vendor supporting Ericsson's US operations. According to the company's disclosure, the service provider discovered the breach on April 28, 2025, after spotting what it describes as a "vishing" incident - essentially social engineering carried out over the phone."
"According to the Texas filing, 4,377 individuals in that state alone were affected, and the compromised data may include names, addresses, Social Security numbers, driver's license numbers, and other government-issued IDs such as passports or state ID numbers."
"Once the alarm was sounded, the vendor says it brought in outside cybersecurity experts, forced password resets, notified the FBI, and launched a probe into what the callers managed to get their hands on."
In April 2025, attackers conducted a voice-phishing scam targeting an employee at a third-party vendor supporting Ericsson's US operations. The breach occurred between April 17-22, 2025, and was discovered on April 28. The service provider responded by engaging cybersecurity experts, resetting passwords, and notifying the FBI. Ericsson was not informed until November 10, 2025. The investigation concluded on February 23, 2026, revealing 15,661 affected individuals. Exposed data includes names, Social Security numbers, addresses, driver's license numbers, and other government-issued identification documents.
#voice-phishing-attack #data-breach #social-engineering #personal-information-exposure #third-party-vendor-security
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]