Excerpt from SecurityWeek Article, Published on September 25, 2025
The Volvo Group is currently notifying its current and former employees of a serious data breach triggered by a ransomware attack on its third-party supplier, Miljödata, in August 2025. Miljödata provides critical HR and rehabilitation support systems — named Adato and Novi — used by Volvo’s workforce. The attack was orchestrated by the DataCarry ransomware group.
The breach spread widely, impacting not only Volvo but approximately 25 private companies, multiple educational institutions, and nearly 200 Swedish municipalities, including Sweden’s capital, Stockholm. Data stolen in the attack was made public on September 14 after being posted on the hacker group’s dark web leak site.
The compromised information includes roughly 870,000 unique email addresses as well as names, physical addresses, phone numbers, government-issued IDs, birthdates, and gender details. For some users, employment records such as employee IDs and sick leave data were also exposed. Specifically, Volvo disclosed that some employees’ Social Security numbers and names were struck in the breach.
Following detection of the incident on August 20 and notification by Miljödata on September 2, Volvo began notifying affected individuals in September and also reported the breach to the Massachusetts Attorney General’s office on September 24. To protect impacted employees, Volvo is providing 18 months of free identity theft protection and credit monitoring services, including dark web monitoring and real-time threat alerts.
This incident underscores the risks companies face through vulnerabilities in their third-party vendors, especially with ransomware attacks aimed at holding sensitive corporate data hostage. Volvo’s transparent response and protective measures align with best practices in cybersecurity breach management to mitigate harm and rebuild trust.
To delve deeper into this topic, visit the SecurityWeek article.
