Truck, bus and industrial equipment maker Volvo Group North America is notifying current and former employees of a data breach involving third-party supplier Miljödata.
A Swedish IT company, Miljödata fell victim to a ransomware attack in August. During the attack, the hackers stole personal information from Adato, a support system for rehabilitation, and Novi, a support system for HR personnel notes.
The incident impacted approximately 25 private companies, including large companies such as Scandinavian airline SAS and metals company Boliden, and roughly 200 Swedish municipalities, including the country’s capital Stockholm.
Numerous education institutions, such as University of Borås, Linköping University, Lund University, Örebro University, the Swedish University of Agricultural Sciences, also disclosed the impact from the attack.
The incident was claimed by the DataCarry ransomware group, which added Miljödata to its Tor-based leak site on September 13 and published data allegedly stolen from the company the next day.
On September 16, the leaked information was added to the data breach notification site Have I Been Pwned, which revealed that it included 870,000 unique email addresses, along with names, addresses, phone numbers, government IDs, dates of birth, and gender.
In some cases, employment information, employee ID, sick leave information, and other information was also compromised, some of the affected entities have revealed.
In notification letters to the affected individuals, a copy of which was submitted to the Massachusetts Attorney General’s Office, Volvo Group North America says the incident impacted its employees’ names and Social Security numbers.
Volvo Group is providing the affected individuals with 18 months of free identity protection and credit monitoring services. The company has not shared the number of impacted individuals.
SecurityWeek has emailed Volvo Group for additional information on the incident and will update this article if the company responds.
Related: Automotive Titan Stellantis Discloses Data Breach
Related: Widespread Infostealer Campaign Targeting macOS Users
Related: Surveillance Firm Bypasses SS7 Protections to Retrieve User Location
