Volvo North America confirms staff data stolen following ransomware attack on IT supplier

Volvo Group North America confirmed a significant data breach after its third-party human resources software provider, Miljodata, was struck by ransomware. The incident began on August 20, 2025, when attackers later identified as the Data Carry ransomware group gained access to Miljodata’s cloud-based HR management platform, which services numerous organizations across Sweden and North America. Miljodata discovered suspicious activity three days after the initial compromise, and by September 2, forensic analysis verified that sensitive files, including employee data from Volvo North America, had been exfiltrated.​
The breach specifically impacted current and former Volvo employees, exposing personal identifiers such as first and last names and Social Security numbers, although no payroll, bank account, or insurance data appears to have been accessed for Volvo staff. For other affected companies, leaked information included phone numbers, home addresses, dates of birth, government IDs, and more, amounting to roughly 870,000 accounts published on dark web leak sites.​
Volvo’s internal systems were not breached directly instead, the attack on the supply chain vendor created a cascading effect, highlighting the risk of outsourcing sensitive functions. After notification from Miljödata, Volvo informed affected employees and began offering free credit and identity protection services. Experts underline that this case exemplifies how third-party service providers can be an unforeseen weak link, causing not just business disruption but also long-term reputational and privacy damage, making robust vendor risk management essential for any organization’s cybersecurity strategy.