Volvo North America confirms staff data stolen after Miljödata ransomware attack

Volvo exhibition booth at Realestate.com.kh Expo 2022, showcasing multiple Volvo cars including SUVs, with promotional banners and branding in front of a grand white building with columns. (Image Source: I'm Zion via Pexels)

Volvo confirms an employee data leak occurred as a result of the Miljödata ransomware attack. Affected by the breach is the car manufacturer's staff in the United States and one more country; Lund University employees may also be at risk.

Praneeta, Published 09/27/2025 🇪🇸 🇵🇹 ...

Hack / Data Breach Security

Volvo Group North America has confirmed that personal data of some current and former employees was exposed after a ransomware attack on its third-party HR software provider, Miljödata. Volvo filed a formal breach notice with the Massachusetts Attorney General’s office on September 24, 2025, saying attackers accessed employee records via Miljödata’s compromised systems rather than Volvo’s internal networks.

The Miljödata incident began over the weekend of August 23–24, 2025, when the supplier’s systems were taken offline and many Swedish customers reported service disruptions. Lund University, an early reporter, later confirmed about 16,000 current and former employees had personal data affected in its Miljödata-powered systems.

Volvo’s Massachusetts filing states that the personal information potentially exposed includes first and last names and Social Security numbers for some individuals; the filing does not give an exact count of Volvo employees affected. Volvo claims it is notifying impacted staff and offering identity protection services as it and Miljödata investigate matters.

Security researchers and multiple outlets have linked the Miljödata breach to the ransomware group DataCarry, which has claimed responsibility and posted samples of stolen files on the darknet. Swedish prosecutor Sandra Helgadottir also confirmed this information to local media.

The breach has had wide ripple effects across Sweden, with several municipalities, universities and other organisations using Miljödata’s Adato and Novi systems reporting interruptions and filing notices with Sweden’s data-protection authority, the Integritetsskyddsmyndigheten (IMY).

Volvo, in its letter, says it is offering affected employees 12 months of free identity theft protection and credit monitoring, along with a dedicated support line, as a way to combat potential fraud or misuse of personal data. There is no direct financial compensation planned (as of this writing - September 26, 2025).

Lund University, another Miljödata client hit by the same attack, has separately urged employees and former staff to stay alert to unusual calls, texts, or emails, warning that stolen data could be exploited in phishing attempts or various scams.