Volvo NA Employee Data Stolen in Miljödata Ransomware Attack
Summary
The Miljödata breach, affecting Volvo Group North America (Volvo NA) and other organizations, exposed sensitive data for over 1.5 million individuals. The breach, confirmed in August 2025, was perpetrated by the DataCarry ransomware group, which compromised Miljödata's cloud infrastructure. The incident has led to operational disruptions in multiple Swedish regions and is under investigation by the Swedish Authority for Privacy Protection (IMY). The breach affected several universities, at least 25 companies, and 164 municipalities in Sweden, exposing additional PII for other affected organizations. The DataCarry group demanded 1.5 Bitcoins and published stolen data on the Dark Web. The incident highlights the vulnerabilities in centralized, multi-tenant cloud services and the potential for significant reputational and operational damage. Additional organizations, including Stellantis and Jaguar Land Rover, suffered similar supply chain attacks within weeks of the Miljödata incident.
Timeline
- 26.09.2025 22:59 · 2 articles
DataCarry Ransomware Group Breaches Miljödata Cloud Infrastructure
The Swedish Authority for Privacy Protection (IMY) is investigating the breach. The attack caused operational disruptions in multiple Swedish regions, including Halland, Gotland, Skellefteå, Kalmar, Karlstad, and Mönsterås. The IMY investigation prioritizes Miljödata, the City of Gothenburg, the Municipality of Älmhult, and the Region of Västmanland. The leaked data includes names, email addresses, physical addresses, phone numbers, government IDs, and dates of birth for 870,000 individuals, according to Have I Been Pwned. The DataCarry ransomware group posted the stolen data on its dark web portal on September 13, 2025.
- Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
- Data breach at major Swedish software supplier impacts 1.5 million — www.bleepingcomputer.com — 04.11.2025 18:53
Information Snippets
- Miljödata, a Swedish HR software provider, was breached by the DataCarry ransomware group on August 20, 2025.
  First reported: 26.09.2025 22:59 · 2 sources, 2 articles
  - Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
  - Data breach at major Swedish software supplier impacts 1.5 million — www.bleepingcomputer.com — 04.11.2025 18:53
- The attack compromised Miljödata's cloud infrastructure, affecting hundreds of customers and millions of individuals.
  First reported: 26.09.2025 22:59 · 2 sources, 2 articles
  - Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
  - Data breach at major Swedish software supplier impacts 1.5 million — www.bleepingcomputer.com — 04.11.2025 18:53
- Volvo NA's employee names and SSNs were stolen and potentially published on the Dark Web.
  First reported: 26.09.2025 22:59 · 2 sources, 2 articles
  - Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
  - Data breach at major Swedish software supplier impacts 1.5 million — www.bleepingcomputer.com — 04.11.2025 18:53
- The ransomware group demanded 1.5 Bitcoins, approximately $165,000, and followed through on their threat to publish stolen data.
  First reported: 26.09.2025 22:59 · 2 sources, 2 articles
  - Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
  - Data breach at major Swedish software supplier impacts 1.5 million — www.bleepingcomputer.com — 04.11.2025 18:53
- The breach affected several universities, at least 25 companies, and 164 municipalities in Sweden.
  First reported: 26.09.2025 22:59 · 2 sources, 2 articles
  - Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
  - Data breach at major Swedish software supplier impacts 1.5 million — www.bleepingcomputer.com — 04.11.2025 18:53
- Other affected organizations lost additional PII, including gender, dates of birth, employment details, and contact information.
  First reported: 26.09.2025 22:59 · 2 sources, 2 articles
  - Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
  - Data breach at major Swedish software supplier impacts 1.5 million — www.bleepingcomputer.com — 04.11.2025 18:53
- Stellantis and Jaguar Land Rover also suffered similar supply chain attacks within weeks of the Miljödata incident.
  First reported: 26.09.2025 22:59 · 1 source, 1 article
  - Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
- The ShinyHunters group breached Stellantis on September 21, 2025, stealing customer names and contact details.
  First reported: 26.09.2025 22:59 · 1 source, 1 article
  - Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
- Jaguar Land Rover was attacked by Scattered Lapsus$ Hunters on August 31, 2025, leading to a halt in production and government intervention.
  First reported: 26.09.2025 22:59 · 1 source, 1 article
  - Volvo Employee SSNs Stolen in Supplier Ransomware Attack — www.darkreading.com — 26.09.2025 22:59
- The Swedish Authority for Privacy Protection (IMY) is investigating the Miljödata breach.
  First reported: 04.11.2025 18:53 · 1 source, 1 article
  - Data breach at major Swedish software supplier impacts 1.5 million — www.bleepingcomputer.com — 04.11.2025 18:53
- The attack caused operational disruptions in multiple Swedish regions, including Halland, Gotland, Skellefteå, Kalmar, Karlstad, and Mönsterås.
  First reported: 04.11.2025 18:53 · 1 source, 1 article
  - Data breach at major Swedish software supplier impacts 1.5 million — www.bleepingcomputer.com — 04.11.2025 18:53
- The IMY investigation prioritizes Miljödata, the City of Gothenburg, the Municipality of Älmhult, and the Region of Västmanland.
  First reported: 04.11.2025 18:53 · 1 source, 1 article
  - Data breach at major Swedish software supplier impacts 1.5 million — www.bleepingcomputer.com — 04.11.2025 18:53
- The leaked data includes names, email addresses, physical addresses, phone numbers, government IDs, and dates of birth for 870,000 individuals, according to Have I Been Pwned.
  First reported: 04.11.2025 18:53 · 1 source, 1 article
  - Data breach at major Swedish software supplier impacts 1.5 million — www.bleepingcomputer.com — 04.11.2025 18:53
- The DataCarry ransomware group posted the stolen data on its dark web portal on September 13, 2025.
  First reported: 04.11.2025 18:53 · 1 source, 1 article
  - Data breach at major Swedish software supplier impacts 1.5 million — www.bleepingcomputer.com — 04.11.2025 18:53
Similar Happenings
Merkle Breach Exposes Employee and Client Data
Merkle, a US-based subsidiary of Dentsu, experienced a cyberattack resulting in the theft of sensitive employee and client data. The breach was detected through unusual network activity, prompting an incident response and investigation. The stolen data includes bank details, payroll information, and personal contact details. Merkle has notified affected individuals and law enforcement, and is offering credit monitoring and Dark Web monitoring to impacted employees. The nature of the attack remains unknown, but it may involve data extortion or ransomware. The incident highlights the ongoing threat of data theft and the importance of robust incident response protocols.
Discord User Data Compromised in Third-Party Breach
Hackers claim to have stolen data from 5.5 million unique Discord users after compromising a third-party customer service provider. The attack occurred on September 20, 2025, affecting users who interacted with Discord’s customer support and/or Trust and Safety teams. The breach appears to be financially motivated, with hackers demanding a ransom. The Scattered Lapsus$ Hunters (SLH) threat group claimed responsibility for the attack, stating they breached a Zendesk instance used by Discord for customer support. The compromised data includes real names, usernames, email addresses, contact details, IP addresses, messages, attachments, photos of government-issued identification documents, partial billing information, and purchase history. Discord took immediate action to isolate the support provider from its ticketing system and launched an investigation with the help of a forensics firm and law enforcement. The hackers also accessed corporate data, including training materials and internal presentations. Discord has notified law enforcement and relevant data protection authorities about the incident. No full credit card numbers, CVV codes, passwords, or authentication data were compromised. Additionally, no messages or activity on Discord outside of communication with customer support were obtained by the attackers.
Renault and Dacia UK Customers Affected by Third-Party Data Breach
Renault and Dacia UK customers have been notified of a data breach affecting personal information shared with a third-party provider. The breach exposed full names, gender, phone numbers, email addresses, postal addresses, vehicle identification numbers, and vehicle registration numbers. The third-party provider has isolated the incident and removed the threat from its networks. The affected customers are advised to be vigilant against potential phishing and social engineering attacks. The number of impacted customers and the identity of the third-party provider have not been disclosed. The breach follows a significant cyberattack at Jaguar Land Rover in the UK, which disrupted operations for nearly a month, and is part of a string of breaches in the transport sector, impacting JLR, Collins Aerospace, and LNER.
Motility Software Solutions Ransomware Attack Exposes 766,000 Client Records
Motility Software Solutions, a provider of dealer management software (DMS), experienced a ransomware attack on August 19, 2025. The incident exposed the sensitive data of 766,000 customers. The compromised data includes full names, addresses, email addresses, telephone numbers, dates of birth, Social Security numbers, and driver’s license numbers. The attack affected 7,000 dealerships across the United States. The company has implemented additional security measures, restored systems from backups, and established dark web monitoring. No ransomware group has claimed responsibility for the attack. Motility has offered a year of free identity monitoring services to affected individuals.
WestJet data breach impacts 1.2 million customers
WestJet, a major Canadian airline, has confirmed that a cyberattack on June 13, 2025, compromised the personal information of 1.2 million customers. The breach involved the theft of travel documents, including passports and ID documents. The attackers gained access to the network through a Citrix system after resetting an employee's password via social engineering. The breach was attributed to threat actors associated with Scattered Spider, although no official attribution has been made. The compromised data includes full names, dates of birth, mailing addresses, travel documents, requested accommodations, filed complaints, WestJet Rewards Member IDs, and details of WestJet RBC Mastercard information. No credit card or debit card numbers, expiry dates, CVV numbers, or user passwords were compromised. The airline is working with the FBI and has offered a free 2-year identity theft protection and monitoring service to affected customers. The breach was first identified on June 13, 2025, and the data breach notification was sent to the Office of the Maine Attorney General on September 29, 2025.