Ericsson Inc., the US subsidiary of Swedish telecom giant Ericsson, disclosed a significant data breach in the week of March 16-22, 2026. Attackers stole data belonging to more than 15,000 employees and customers — and the entry point was not Ericsson's own systems. It was a compromised third-party service provider.
The Third-Party Vendor Problem
Supply chain attacks succeed because organizations have solved the problem of securing their own perimeter but have not extended that discipline to their vendors. Every SaaS tool, managed service provider, and contractor with access to your data is a potential entry point.
The AI Technology Diversion Case
The same week, US prosecutors charged three individuals with routing advanced AI chip technology to China through shell companies — illustrating a second dimension of supply chain threats.
What Businesses Should Do Now
- Audit all third-party vendors with access to production data
- Enforce least-privilege access for every vendor and contractor
- Require SOC 2 Type II from vendors handling sensitive data
- Enable logging and alerting on all vendor data access
- Segment networks so a compromised vendor cannot reach your full data estate
- Include security incident notification in all vendor contracts
At Softechinfra, security is embedded into how we build custom software and cloud infrastructure. If your last security review predates 2025, it almost certainly did not address the current supply chain threat landscape.
Is Your Vendor Access Layer Secure?
Our team reviews third-party access controls and implements monitoring and segmentation to detect vendor-origin attacks.
Request a Security Review
