Ransomware attack leads to data breach affecting Volvo North America employees and numerous entities in Sweden

On September 24, 2025, Volvo Group North America, a manufacturer of trucks, buses, and industrial equipment, notified its current and former employees of a data breach affecting its external supplier Miljödata, a Swedish HR software provider.

Miljödata was the victim of a ransomware attack on August 20, 2025. During the attack, hackers stole personal information from Adato, a work absence management system, and Novi, a note management system. The incident was claimed by the cybercriminal ransomware group DataCarry, which added Miljödata to its leak publication website on September 13 and published the data allegedly stolen from the company the following day.

The incident is estimated to have affected approximately 25 private companies in addition to Volvo, including companies such as the Scandinavian airline SAS and the metallurgical company Boliden. Public entities have also been affected, including several educational institutions and universities in the country, and 200 Swedish municipalities, notably the country's capital, Stockholm.

Volvo Group North America has reported that the incident affected the names and Social Security numbers of its employees. In other cases, some of the affected entities also revealed that employment information, employee identification, sick leave information, and other data were compromised.