Pierluigi Paganini
September 25, 2025
Volvo NA disclosed a data breach that exposed the personal data of its employees after a ransomware attack hit the third-party supplier Miljödata.
The ransomware attack occurred in August and impacted at least 25 companies, including Scandinavian airline SAS, Boliden, and 200 Swedish municipalities. The affected systems are used by managers and HR to handle medical certificates, rehabilitation matters, and the reporting and management of work-related injuries.
Miljödata launched an investigation into the incident with the help of cybersecurity experts, enhanced the security of its hosted environment, and is working to prevent similar security breaches in the future.
The ransomware group DataCarry claimed responsibility for the attack on Miljödata and also published allegedly stolen data on its Tor leak site.
Volvo Group North America told the Massachusetts AG that a breach exposed employees’ names and Social Security numbers. The company pointed out that its systems were not compromised.
“We were recently informed that a supplier of human resources software to the Volvo Group, Miljödata, was a victim of a security incident in which certain of your personal information may have been accessed.” reads the data breach notification letter sent to the impacted individuals. “The incident occurred on August 20, 2025. Miljödata first learned about the ransomware attack on August 23, 2025, and that your data may have been impacted on September 2, 2025; Miljödata notified Volvo Group thereafter on September 2, 2025.”
According to the data breach notification service Have I Been Pwned (HIBP), the leaked data belongs to 870,000 accounts. Exposed data includes email addresses, names, physical addresses, phone numbers, government IDs, dates of birth, and gender.
“In August 2025, the Swedish system supplier Miljödata was the victim of a ransomware attack. Following the attack, data was subsequently published on the dark web and included 870k unique email addresses across various compromised files. Data also included names, phone numbers, physical addresses, dates of birth and government-issued personal identity numbers.” reports HIBP.
Volvo Group provided the affected individuals with 18 months of free identity protection and credit monitoring services.
“To support and protect our impacted colleagues, Volvo Group has arranged to provide you with a 18-month complimentary subscription to Allstate’s Identity Protection Pro+ service, which includes credit monitoring, to help protect your personal information.” concludes the notification letter. “We encourage you to be vigilant in monitoring your account statements and credit reports regularly.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware attack)
Hacking / September 25, 2025
