Ericsson U.S. Data Breach: Corrected — Employee Tax Data Only, No Customer Impact

Ericsson U.S. Data Breach: We Got It Wrong — Here Is the Correction

When news broke earlier this month about an Ericsson U.S. data breach stemming from a third-party service provider hack, we published a post characterizing the scope of the incident based on publicly available breach notification filings. We got some of it wrong, and we want to set the record straight.

After our original article was published, we heard directly from Ericsson with important clarifications. We appreciate them taking the time to reach out, and we are updating the record accordingly.

What Actually Happened

The underlying incident involved a law firm that historically represented Ericsson on U.S. tax matters. That law firm experienced a phishing attack in 2025. The potential Ericsson exposure from this third-party incident was limited to certain employee tax information handled by that firm. It did not involve any customer data and was not an attack on any Ericsson environment. Impacted employees were notified directly.

Where Our Original Post Was Wrong

Our first version of this article stated or implied that both employee and customer personal data were exposed in the breach. That was incorrect for Ericsson. Only certain employee tax information was in scope — no customer data was involved.

We also presented a broad list of data categories — including financial and medical information — as if they applied to Ericsson-impacted individuals. That characterization came from third-party breach reporting aggregators and did not accurately reflect Ericsson’s specific exposure. The correct characterization is that the data involved was limited to certain employee tax-related information.

We regret the imprecision and thank Ericsson for the direct outreach.

What This Means for Cradlepoint and NetCloud Customers

Our original instinct that this breach likely did not affect Cradlepoint’s NetCloud platform turned out to be correct — but for cleaner reasons than we initially understood. This was not a broad corporate data breach. It was a phishing attack on an outside law firm that touched a narrow category of employee tax records. NetCloud infrastructure, router credentials, and customer data were never in scope.

If you are a Cradlepoint customer, there is nothing in this incident that requires action on your end.

A Note on Third-Party Breach Reporting

This situation is a good reminder that breach notification filings — particularly those aggregated by law firm solicitation sites and class action portals — often lump multiple affected companies together under broad data category lists. Those lists reflect the full universe of data types found across all companies involved with a given vendor, not necessarily what was exposed for each individual organization. Reading those filings carefully, and reaching out to the named companies directly when possible, produces a more accurate picture. We will be more careful about that going forward.

5Gstore Take

We cover security news that touches the cellular networking and router world because our customers depend on these devices for real work. When we get something wrong, we say so. Ericsson reached out, gave us the accurate picture, and we are grateful for it. The bottom line for our customers: this incident does not affect Cradlepoint or NetCloud, and the Ericsson exposure was narrow and contained. If you ever have questions about your network security posture or Cradlepoint deployment, contact our team — we are happy to help.


FAQ

Was the Ericsson breach as serious as originally reported?

No. Our original post overstated the scope. Ericsson clarified that the exposure was limited to certain employee tax information handled by an outside law firm that experienced a phishing attack. No customer data was involved.

Were Cradlepoint or NetCloud customers affected?

No. This incident had no connection to Cradlepoint’s NetCloud platform, router infrastructure, or any customer data.

Why did early reports suggest a broader data exposure?

Breach notification filings aggregated by third-party sites often list every data category found across all companies tied to a given vendor incident. Those broad lists did not accurately reflect Ericsson’s specific and limited exposure.

What should Cradlepoint customers do?

Nothing specific is required in response to this incident. Standard good hygiene — strong passwords, MFA on your NetCloud account, routine credential rotation — always applies.