Volvo Data Breach: North America Collateral Hit by Cyber Attack | ZATAZ

Ransomware attack against the Swedish supplier Miljödata exhibited the personal data of employees of North America, confirming the vulnerability of HR software chains.

Volvo Group North America confirmed a data violation that affected its employees after the ransomware attack of its Swedish service provider Miljödata. The incident, which occurred in August 2025, impacted at least 25 organizations, including SAS, Boliden and several municipalities. The pirates, affiliated with the Datacarry group, published stolen information on the Dark Web. Compromise data include names, social security numbers, addresses and government identifiers. Volvo assures that its own systems have not been infiltrated, but offered 18 months of credit and identity protection to the victims. This episode illustrates the high risks linked to third -party providers and the difficulty in securing the digital HR channel.

A supplier targeted by cybercriminals

The attack took place on August 20, 2025 and was detected three days later by Miljödata. This Scandinavian provider provides human resources management solutions used for medical certificates, rehabilitation procedures and work accidents monitoring. Quickly, the company requested cybersecurity experts to assess the extent of the compromise and strengthen its hosted environment. Despite these measures, the pirates claiming the intrusion, grouped under the Datacarry banner, broadcast stolen sensitive data on their clandestine site.

The attack led to the broadcast of 870,000 compromised accounts. The information concerned includes email addresses, telephone numbers, physical addresses, birth dates, government identifiers and sex. Volvo Group notified the authorities, notably the Attorney General of Massachusetts, stating that the data of its North American employees was affected, without its own servers being penetrated. The information concerned includes social security names and numbers. The affected employees were alerted by official mail in early September, after the confirmation of the impact on the Volvo bases.

Faced with this leak, Volvo has set up an offer of 18 months of protection via the Identity Protection Pro+ service of allstate, including credit surveillance and alert in the event of fraudulent use. The company also invited its employees to remain attentive to their financial statements.