Volvo’s North American unit has admitted that its employees’ personal data fell into the hands of cybercriminals after its HR provider Miljödata was hacked by a new group called DataCarry. Volvo said the breach involved the names, surnames and social security numbers of its employees. The company has filed an official report with the Massachusetts Attorney General’s Office and has promised to provide free credit monitoring and identity theft protection services.
The stolen information could be used for fraudulent activities and identity theft. Volvo urged affected colleagues to be especially careful with their bank statements and credit reports.
The breach occurred through the provider Miljödata, which served dozens of companies. The attack, carried out by the DataCarry group in late summer 2025, affected more than 870,000 accounts.
Miljödata was used by large organizations, including SAS, Lund University, and municipalities in Sweden, including Stockholm. Since the company apparently refused to pay the ransom (about $165,000), the data was published on the group’s darknet blog.
The DataCarry group was first detected only in May 2025, but it has already caused damage to dozens of companies, working according to the classic data extortion scheme — data theft followed by ransom demands.
The Volvo data leak shows how dangerous dependencies on third-party suppliers are. Even global companies can become victims due to the weaknesses of their partners. This case highlights the need for businesses to thoroughly vet suppliers, implement multi-layered security protocols, and prepare incident response plans to minimize the impact of attacks.
