Volvo Group North America customer data exposed in Conduent hack
Source: Bleeping Computer
Overview
Volvo Group North America disclosed that it suffered an indirect data breach stemming from the compromise of IT systems at American business services giant Conduent, of which Volvo is a customer.
Volvo Group North America is the Swedish multinational’s operating arm in the United States, Canada, and Mexico. It focuses on manufacturing commercial vehicles and heavy equipment, including trucks, buses, construction equipment, engines, and industrial power systems. Mack Trucks, a very popular brand in the U.S., is one of its subsidiaries. Volvo Group is not the same as Volvo Cars and does not manufacture passenger cars.
Conduent breach
Conduent, an American business process outsourcing (BPO) company, suffered a security breach between October 21 2024 and January 13 2025. Threat actors stole:
- Full names
- Social Security Numbers (SSNs)
- Dates of birth
- Health insurance policy details
- ID numbers
- Medical information
The breach was disclosed by Conduent in late 2025. While the exact number of impacted individuals is still being determined, Conduent previously reported that the breach affects 10.5 million people in Oregon and 15.5 million in Texas.
Impact on Volvo Group North America
Nearly 17,000 customers and/or company staff of Volvo Group North America had their personal details exposed as a result of the Conduent breach.
Response
Conduent is sending notifications on behalf of its customers to the impacted parties. Affected Volvo Group North America clients and staff are being offered:
- Free membership to identity‑monitoring services for at least one year
- Credit and dark‑web monitoring
- Identity restoration assistance
Recipients are also advised to consider placing fraud alerts or a security freeze on their credit reports.
Prior third‑party breaches affecting Volvo
Miljödata compromise (August 2025)
A separate breach caused by a compromise of IT services supplier Miljödata exposed staff data such as full names and SSNs. The incident affected 1.5 million people, including Volvo Group employees in Sweden and the United States.
Volvo Cars R&D breach (2021)
In 2021, Volvo Cars suffered a security breach in which hackers stole research and development (R&D) data from its servers. The attack was claimed by the “Snatch” data‑extortion group, which later leaked the stolen files on their extortion portal.
References
- Conduent breach details: https://www.bleepingcomputer.com/news/security/bpo-giant-conduent-confirms-data-breach-impacts-105-million-people/
- Notification to consumers: https://www.documentcloud.org/documents/26911160-2026-02-05-volvo-group-north-america-data-breach-notice-to-consumers/
- Miljödata attack: https://www.bleepingcomputer.com/news/security/it-system-supplier-cyberattack-impacts-200-municipalities-in-sweden/
- Impact on 1.5 million people: https://www.bleepingcomputer.com/news/security/data-breach-at-major-swedish-software-supplier-impacts-15-million/
- Volvo Cars R&D breach: https://www.bleepingcomputer.com/news/security/volvo-cars-discloses-security-breach-leading-to-randd-data-theft/