The severity is HIGH due to the potential for identity theft and financial fraud from the exposed data. Real-world exploitability is high as the attack was successful through social engineering.
Ericsson experienced a data breach due to a vendor vishing attack, exposing personal and financial data of over 15,000 individuals. The impact includes exposure of sensitive information such as Social Security numbers and financial details.
Affected Systems
- Unnamed third-party vendor supporting Ericsson's US operations
Affected Versions: Not specified in the advisory
Remediation
- Conduct thorough security audits and implement enhanced training for employees on recognizing and responding to vishing attempts.
- Implement multi-factor authentication (MFA) for critical systems and applications used by vendors.
- Regularly review access controls and ensure that third-party vendor accounts have the least privilege necessary.
Stack Impact
No specific software or hardware impacts are identified in this advisory. The issue is centered around human vulnerabilities rather than technical weaknesses.