Volvo Employees Hit by Massive Third-Party Data Breach at Conduent Nearly 17,000 Volvo Group North America employees had their personal data exposed after cybercriminals breached Conduent, a major outsourcing provider handling workforce benefits and back-office services. The incident, disclosed in a filing with the Maine Attorney General, affected 16,991 individuals across the U.S., including three in Maine. Attackers gained access to Conduent’s systems between October 21, 2024, and January 13, 2025, exfiltrating files tied to employees’ current or former health plans. Conduent detected the intrusion in January 2025, secured its systems, and launched a forensic investigation. However, Volvo only confirmed its workforce was impacted on January 21, 2026 a year after the breach was initially discovered illustrating the prolonged fallout of vendor-related incidents. The exposed data included names, with additional details varying by individual, though Conduent has not specified what other information was compromised. While there is no evidence the stolen data has been misused, affected employees were offered identity monitoring services. The breach extends far beyond Volvo. Regulators continue to revise victim totals as Conduent and its clients analyze the full scope, with recent filings suggesting tens of millions of Americans may be affected. Conduent’s role in managing systems for Medicaid, unemployment programs, child support services, and employer benefits amplifies the breach’s reach. The attack has been attributed to the SafePay ransomware group, which claims to have stolen multiple terabytes of data, though Conduent has not confirmed the attribution. The incident underscores the risks of prolonged unauthorized access, with attackers lingering in systems handling sensitive personal data for nearly three months. This is not Volvo’s first third-party breach. In 2024, the automaker warned employees of exposed personal data after ransomware attackers targeted Miljödata, a Swedish HR software supplier, compromising names and Social Security numbers. That attack was claimed by the DataCarry ransomware group.

A major data breach in Sweden resulted in the theft of personal information belonging to over 1.5 million citizens, accounting for nearly 15% of the country’s population. The attack, attributed to the hacker group Datacarry, targeted regional administrations, municipalities, and corporations, including Volvo and the airline SAS. Compromised data included names, addresses, contact details of employees and citizens, as well as sensitive corporate information. The attackers demanded a ransom of 1.5 bitcoin (~€147,000) for data recovery. Swedish prosecutors confirmed no evidence of state-sponsored involvement, but the scale of the breach—affecting both public and private sectors—raises severe concerns over systemic vulnerabilities. The incident highlights risks to national data security, corporate espionage, and citizen privacy, with potential long-term reputational and operational damages for affected entities like Volvo, whose proprietary and employee data were exposed.

Volvo Group North America disclosed a data breach after its third-party HR software supplier, Miljödata, suffered a ransomware attack in August 2025. The incident exposed personal data of employees, including names, Social Security numbers, email addresses, physical addresses, phone numbers, government IDs, dates of birth, and gender. The DataCarry ransomware group claimed responsibility and leaked 870,000 unique email addresses and associated sensitive records on the dark web. While Volvo’s internal systems remained uncompromised, the breach impacted HR-related data managed by Miljödata, such as medical certificates, rehabilitation records, and work-related injury reports. Affected employees were offered 18 months of free identity protection and credit monitoring to mitigate risks. The attack also affected other organizations, including Scandinavian Airlines (SAS), Boliden, and 200 Swedish municipalities, highlighting the broad impact of the supply-chain compromise.

Conduent, a New Jersey-based business process outsourcing firm, suffered the largest known health data breach of 2025, exposing sensitive healthcare records. The incident triggered multiple post-hack lawsuits and regulatory investigations, with severe reputational and financial repercussions. The breach compromised personal and medical data of countless individuals, leading to potential identity theft, fraud, and legal liabilities. The fallout includes operational disruptions, loss of client trust, and escalating compliance penalties. Given the scale of the breach—affecting healthcare data—it poses long-term risks to affected patients, including exposure of protected health information (PHI) and potential misuse by malicious actors. The company faces mounting legal costs, reputational damage, and possible contractual terminations from partners wary of further vulnerabilities. The breach underscores systemic failures in cybersecurity governance, amplifying scrutiny from regulators and stakeholders.

Volvo Group disclosed a ransomware attack on its third-party HR software provider, Miljödata, which may have exposed personal data of its North American workforce. The breach, detected on August 23, 2025, involved unauthorized access to employee names and Social Security numbers (SSNs), though no payroll, bank, or insurance details were compromised. While Volvo’s own IT systems remained unaffected, the incident highlights third-party vendor risks and the potential for identity theft and fraud due to the exposure of sensitive SSNs. Volvo is collaborating with Miljödata for forensic investigations, enhancing vendor security protocols, and offering affected employees 18 months of free identity protection services, including credit monitoring and dark-web surveillance. The company has also advised employees to monitor financial statements and place fraud alerts. This breach underscores the critical need for robust vendor cybersecurity oversight to mitigate future risks.

Volvo North America suffered a ransomware attack on its HR system provider, Miljödata, in August 2023. The DataCarry ransomware group breached Miljödata’s Adato system—a platform managing employee sick leave and rehabilitation—exfiltrating sensitive data. For Volvo, the attack exposed employees' first and last names along with Social Security numbers (SSNs). While other affected organizations faced broader data leaks (e.g., phone numbers, addresses, emails, and dates of birth), Volvo’s breach was limited to employee identity data. The attack disrupted 200 Swedish municipalities relying on Miljödata’s software, with 1.5 million individuals impacted overall, including employees from companies like SAS Airlines and multiple universities. Miljödata confirmed the breach on August 25, three days after detection, and initiated remediation with cybersecurity experts. The stolen data was later published on the dark web by DataCarry. Volvo emphasized ongoing monitoring but did not disclose the full scale of its internal exposure beyond SSNs and names.

The Volvo automobile manufacturer's Brazilian retail division exposed private information, endangering its patrons in the enormous nation of South America. The compromised files may have been used by hostile actors to compromise company systems and control official communication channels. The investigative team at Cybernews found that for almost a year, the Brazilian dealer of Volvo cars, Dimas Volvo, had been exposing private information online. The store for Volvo disclosed the hosts, open ports, and credentials for its MySQL and Redis databases as well as information about database authentication. These credentials could further be exploited to access the contents of the databases, which might have stored private user data.

The carmaker Volvo suffered a data breach incident recently in December 2021. The ransomware group Snatch targeted the company and stole its R&D data and leaked some of it on the dark web. However, the customer data was not compromised in the attack.