Volvo Group Notifies Employees of Data Breach After Ransomware Attack on HR Supplier Miljödata
Volvo Group North America has issued notifications to current and former employees regarding the compromise of personal data following a breach at its third-party HR services provider, the Swedish firm Miljödata. The incident affected internal personnel records, including names and Social Security Numbers (SSNs).
The ransomware attack occurred on August 20, 2025, encrypting Miljödata’s servers and disrupting its services. Suspicious activity was detected only on August 23, and by September 2 an internal investigation confirmed that personal data may have been exposed. Miljödata subsequently informed Volvo and began containment measures. Importantly, Volvo’s own infrastructure was not impacted; the intrusion was confined to the contractor’s environment.
The potential exposure involved basic personally identifiable information such as full names and SSNs. Salary details, bank account numbers, and insurance records were not affected. Nonetheless, the inclusion of SSNs in the leak significantly raises the risk of fraud and identity theft if misused.
Volvo and Miljödata continue to investigate the scope of the breach, including the possible compromise of additional data categories. Miljödata has engaged independent cybersecurity specialists to conduct a thorough digital forensics review and modernize its infrastructure, while Volvo has initiated an internal reassessment of its vendor management and data protection policies.
As part of its risk mitigation strategy, Volvo is offering affected employees complimentary access to Allstate Identity Protection Pro+ for 18 months. The service includes credit history monitoring, credit score tracking, dark web surveillance, and comprehensive identity restoration support. Credentials and activation instructions are being delivered via both email and postal mail.
Affected individuals are advised to remain vigilant by regularly reviewing bank and credit statements, making use of free annual credit reports, and considering fraud alerts or credit freezes if necessary. A dedicated assistance line has been established to provide guidance on identity protection and damage control.
The Miljödata breach has affected approximately 25 private companies, including airline SAS and metals group Boliden, as well as nearly 200 Swedish municipalities, including Stockholm, alongside several academic institutions.
The DataCarry ransomware group has claimed responsibility, publishing a trove of stolen data on its Tor site on September 14. Two days later, the information—including 870,000 unique email addresses along with names, addresses, phone numbers, birth dates, and national identifiers—was added to the Have I Been Pwned database.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
