Key Takeaways
1. Volvo Group North America experienced a personal data breach affecting current and former employees due to a ransomware attack on third-party HR software provider Miljödata.
2. Approximately 16,000 individuals had their personal information, including names and Social Security numbers, compromised as a result of the breach.
3. The ransomware group DataCarry has claimed responsibility for the attack and released samples of stolen files on the darknet.
4. The breach has caused significant disruptions across Sweden, impacting multiple municipalities and organizations using Miljödata’s systems.
5. Volvo is offering 12 months of free identity theft protection and credit monitoring to affected employees but has no plans for direct financial compensation.
Volvo Group North America has announced a breach of personal information affecting some current and former employees due to a ransomware attack on its third-party HR software provider, Miljödata. A breach notice was officially filed with the Massachusetts Attorney General’s office on September 24, 2025. The attackers accessed employee data through the compromised systems of Miljödata, not through Volvo’s own networks.
Incident Overview
The Miljödata breach started during the weekend of August 23–24, 2025, when the supplier’s systems went offline, causing numerous Swedish customers to report service issues. Lund University, one of the first to report the incident, confirmed that approximately 16,000 current and former employees had their personal data compromised in the systems powered by Miljödata.
Details of the Breach
According to Volvo’s filing in Massachusetts, the personal information that may have been exposed includes first and last names, as well as Social Security numbers for some individuals; however, the filing does not specify the exact number of affected Volvo employees. The company states it is in the process of notifying those impacted and providing identity protection services as they, along with Miljödata, continue to investigate the situation.
Connection to Ransomware Group
Security experts and various news sources have tied the Miljödata breach to the ransomware group DataCarry, which has claimed the attack and posted samples of the stolen files on the darknet. Local media also reported confirmation from Swedish prosecutor Sandra Helgadottir regarding this information.
Wider Impact in Sweden
The breach has caused significant issues across Sweden, with multiple municipalities, universities, and other organizations using Miljödata’s Adato and Novi systems experiencing disruptions and subsequently filing notices with Sweden’s data protection authority, the Integritetsskyddsmyndigheten (IMY).
Support for Affected Employees
In its communication, Volvo mentioned that it is providing affected employees with 12 months of complimentary identity theft protection and credit monitoring, as well as a dedicated support line to help address potential fraud or misuse of personal data. As of September 26, 2025, there are no plans for direct financial compensation.
Warnings from Lund University
Lund University, another client of Miljödata impacted by the attack, has warned its employees and former staff to be vigilant against unusual calls, texts, or emails, cautioning that the stolen data could be used for phishing scams or other fraudulent activities.
Source:
Link
Leave a Reply