Volvo North America Discloses Data Breach After Ransomware Attack on Third-Party Supplier
In a recent development, Volvo North America has disclosed a data breach that exposed the personal information of its employees after a ransomware attack hit third-party supplier Miljödata. The attack, which occurred in August, not only affected Miljödata but also impacted at least 25 other companies, including Scandinavian airline SAS, Boliden, and over 200 Swedish municipalities.
The affected systems used by managers and HR to handle medical certificates, rehabilitation matters, and the reporting and management of work-related injuries were compromised in the attack. Miljödata launched an investigation into the incident with the help of cybersecurity experts, enhanced the security of its hosted environment, and is working to prevent similar security breaches in the future.
The ransomware group DataCarry claimed responsibility for the attack on Miljödata and also published allegedly stolen data on its Tor leak site. Volvo Group North America told the Massachusetts AG that a breach exposed employees' names and Social Security numbers. The company pointed out that its systems were not compromised in the attack.
"We were recently informed that a supplier of human resources software to the Volvo Group, Miljödata, was a victim of a security incident in which certain of your personal information may have been accessed," reads the data breach notification letter sent to the impacted individuals. "The incident occurred on August 20, 2025. Miljödata first learned about the ransomware attack on August 23, 2025, and that your data may have been impacted on September 2, 2025; Miljödata notified Volvo Group thereafter on September 2, 2025."
According to the data breach notification service Have I Been Pwned (HIBP), the leaked data belongs to 870,000 accounts. Exposed data includes email addresses, names, physical addresses, phone numbers, government IDs, dates of birth, and gender.
The Scope of the Breach
"In August 2025, the Swedish system supplier Miljödata was the victim of a ransomware attack. Following the attack, data was subsequently published on the dark web and included 870k unique email addresses across various compromised files. Data also included names, phone numbers, physical addresses, dates of birth and government-issued personal identity numbers," reports HIBP.
The scope of the breach is alarming, with sensitive information including email addresses, names, physical addresses, phone numbers, government IDs, dates of birth, and gender being exposed. This highlights the importance of robust cybersecurity measures in protecting sensitive information.
The Response from Volvo Group
Volvo Group provided the affected individuals with 18 months of free identity protection and credit monitoring services to help mitigate the impact of the breach. "To support and protect our impacted colleagues, Volvo Group has arranged to provide you with a 18-month complimentary subscription to Allstate's Identity Protection Pro+ service, which includes credit monitoring, to help protect your personal information," concludes the notification letter.
"We encourage you to be vigilant in monitoring your account statements and credit reports regularly," the letter adds. This response from Volvo Group demonstrates its commitment to supporting affected employees and providing them with resources to protect their sensitive information.