Year-Long Investigation Discovers Thousands Impacted by Ericsson Breach
A data breach involving Ericsson’s U.S. subsidiary has exposed the personal information of roughly 15,000 individuals after attackers gained unauthorized access to systems operated by a third-party service provider. According to disclosures filed with the Maine Attorney General, the intrusion occurred between April 17–22, 2025, but the forensic investigation took all the way until February 2026. This incident is yet another example of how breaches at organizations that lack comprehensive visibility into their infrastructure can remain unresolved for months simply to determine fundamental questions such as "what data was accessed?" Ericsson said the compromised files contained personal information, though it has not clarified whether the data belonged to employees, customers, or both.
Often in such breaches, stolen data later surfaces on underground markets and on the dark web before it is leveraged against impacted victims. The incident also underscores a growing challenge: third-party supply chain risk. Many organizations entrust vendors with sensitive operational or personnel data, yet visibility into those environments is often limited. When an external partner is compromised, attackers can gain indirect access to sensitive information while the primary organization remains unaware until months later.
Preventing breaches like this requires continuous visibility across both internal systems and third-party environments, with the ability to detect suspicious activity and investigate incidents retroactively. Organizations must unify network telemetry, system logs, authentication activity, and data access events into a single platform, like NIKSUN, that is capable of identifying abnormal behavior and reconstructing the full attack timeline. With deep network analytics, historical forensics, and real-time monitoring, companies can quickly determine when an intrusion began, what data was accessed, and whether information was exfiltrated — turning months-long investigations into rapid, defensible incident response while reducing risk exposures. Read more about this story on our LinkedIn page
Often in such breaches, stolen data later surfaces on underground markets and on the dark web before it is leveraged against impacted victims. The incident also underscores a growing challenge: third-party supply chain risk. Many organizations entrust vendors with sensitive operational or personnel data, yet visibility into those environments is often limited. When an external partner is compromised, attackers can gain indirect access to sensitive information while the primary organization remains unaware until months later.
Preventing breaches like this requires continuous visibility across both internal systems and third-party environments, with the ability to detect suspicious activity and investigate incidents retroactively. Organizations must unify network telemetry, system logs, authentication activity, and data access events into a single platform, like NIKSUN, that is capable of identifying abnormal behavior and reconstructing the full attack timeline. With deep network analytics, historical forensics, and real-time monitoring, companies can quickly determine when an intrusion began, what data was accessed, and whether information was exfiltrated — turning months-long investigations into rapid, defensible incident response while reducing risk exposures. Read more about this story on our LinkedIn page