Volvo North America Employee Data Exposed in Miljödata Cloud Breach

Volvo Group North America LLC is a part of AB Volvo, which operates in North American Region. It manufactures trucks, buses, construction equipment and industrial/marine engines. Volvo North America uses human resources and employee management software’s by Miljödata (a Swedish Company).

A ransomware group attacked Miljödata on 20 August 2025 and stole employees first and last names as well as their Social Security Numbers (SSNs). Miljödata detected the incident on 23 August 2025. After conducting investigation, Miljödata confirmed the breach and informed Volvo on 2 September 2025 that personal information of their employees had been accessed.

How it happened?

The ransomware attack on Miljödata began on 20 August 2025, the ransomware group breached Miljödata cloud infrastructure, which operates on a centralized & multitenant arrangement. The attackers are likely exploited a vulnerability or weak access point such as phishing, unpatched software, or exposed Remote Desktop Protocol (RDP) although the exact entry method has not been publicly disclosed.  

The hackers broke into two of Miljödata’s systems: Adato (an HR & rehabilitation management system) and Novi (an HR notes platform). They followed the classical ransomware approach - first stealing sensitive data, then locking the systems with encryption.

Miljödata detected the attack on 23 August 2025. The ransomware group DataCarry claimed responsibility for the breach and later leaked the stolen data on their dark web Tor site on 13 September 2025.

How is it know to the world?

On 2 September 2025 Miljödata officially confirmed that data had been accessed by the attackers and notified Volvo. Volvo informed to its current and former employees about the breach. The breached data was added to Have I Been Pwned (HIBP) on September 16, allowing individuals to check if their information had been exposed. Volvo officially reported the breach to the Massachusetts Attorney General’s Office.

What is the Impact?

The breached data includes the employees first and last names and Social Security Numbers (SSN) - a unique 9-digit number given by the U.S. government that is connected to a person’s identity, finances, and access to government services. If this employee's sensitive information falls into the wrong hands, it can lead to identity theft, it helps cybercriminals to open bank accounts, apply loans, file fake tax returns etc. Due to this breach reputational concerns have been raised, and highlights supply chain risks.

What are the preventive measures?

Volvo notified to its current and former employees about the breach and sent formal breach notifications to affected staff. 

Volvo is offering an 18-month complimentary subscription to Allstate’s Identity Protection Pro+ service for the affected current and former employees, this includes: 

• credit monitoring,

• dark web monitoring,

• identity restoration support,

• real time threat alerts

These services are designed to help safeguard personal information and detect potential misuse early.

Sources:

https://www.darkreading.com/cyberattacks-data-breaches/volvo-employee-ssns-stolen-ransomware-attack

https://databreaches.net/2021/12/11/volvo-had-some-rd-data-stolen-in-security-breach/

https://haveibeenpwned.com/Breach/Miljodata

https://databreach.com/breach/miljodata-2025

https://cybersecuritynews.com/volvo-group-discloses-data-breach/

https://www.cyberdaily.au/security/12689-volvo-north-america-confirms-third-party-data-breach