Ericsson blames vendor vishing slip-up for breach exposing thousands of records
Summary
Ericsson has disclosed a data breach affecting over 15,000 individuals, stemming from a voice-phishing (vishing) attack against one of its service providers. Attackers successfully tricked an employee into revealing access credentials, which led to the exposure of personal and financial data.
IFF Assessment
This incident highlights a successful social engineering attack that led to a significant data breach, representing a win for attackers.
Defender Context
This incident underscores the persistent threat of social engineering attacks, particularly vishing, even against large organizations. Defenders need to emphasize robust employee training on recognizing and reporting phishing attempts, alongside strong multi-factor authentication and access control measures for vendor accounts.