Narayan AmmachchiSwedish commercial vehicle maker Volvo Group has reportedly discovered that customer and employee data at its North American operations was compromised during a late-2024 cyberattack on its business process outsourcing partner, Conduent.
The intrusion occurred between October 21, 2024, and January 13, 2025, when threat actors allegedly gained unauthorized access to Conduent’s systems. The exposed data is said to include full names, Social Security Numbers, dates of birth, health insurance policy details, identification numbers and certain medical information.
Conduent publicly disclosed the breach in April 2025 and said it would notify affected individuals on behalf of its clients. The U.S.-based outsourcing firm also set up a dedicated call center to handle inquiries and stated that, so far, it has found no evidence of misuse of the compromised data.
The company previously revealed that the same cybersecurity incident affected 10.5 million individuals in Oregon and 15.5 million in Texas. The overall number of impacted individuals nationwide has not yet been finalized.
Volvo Group North America — which manufactures commercial trucks, buses, construction equipment and industrial power systems — is offering affected individuals one year of complimentary identity monitoring, credit monitoring, dark web surveillance and identity restoration services. Its subsidiaries include Mack Trucks. Volvo Group operates separately from Volvo Cars and does not manufacture passenger vehicles.
The development follows another third-party-related breach in August 2025 involving IT services provider Miljödata, which exposed data belonging to roughly 1.5 million individuals, including Volvo employees in Sweden and the United States.
In a separate incident, Volvo Cars was targeted in a 2021 cyberattack claimed by the Snatch extortion group, which later leaked stolen research and development files.
Add comment