Volvo Customer Data Breached in Conduent Hack
▼ Summary
– Volvo Group North America experienced an indirect data breach due to a security incident at its service provider, Conduent, a business process outsourcing company.
– The breach at Conduent, occurring between October 2024 and January 2025, exposed personal details including Social Security Numbers and medical information of nearly 17,000 Volvo customers and/or staff.
– Conduent is notifying affected individuals and offering them free identity monitoring services, while stating there is no evidence of misuse of the stolen data.
– This is a separate incident from another recent Volvo Group breach caused by a different third-party supplier, Miljödata, in August 2025.
– Volvo Group, which manufactures commercial vehicles and owns Mack Trucks, is distinct from Volvo Cars, which suffered a separate R&D data breach in 2021.
A significant data breach at the business services provider Conduent has impacted the personal information of thousands connected to Volvo Group North America. The incident highlights the persistent cybersecurity risks posed by third-party vendors in the supply chain. The breach, which occurred between late 2024 and early 2025, compromised sensitive data including Social Security numbers, dates of birth, and medical information. Conduent, which handles business process outsourcing for numerous large clients, is now notifying affected individuals on behalf of Volvo.
The breach exposed the personal details of nearly 17,000 Volvo Group North America customers and employees. Volvo Group North America is the operating arm responsible for commercial vehicles like trucks, buses, and construction equipment in the U.S., Canada, and Mexico. It is important to distinguish this entity from Volvo Cars, as they are separate companies; Volvo Group does not manufacture passenger vehicles.
Conduent has not finalized the total number of individuals affected globally, but previous disclosures noted impacts on millions in states like Oregon and Texas. The stolen data is extensive, encompassing full names, Social Security Numbers, health insurance policy details, identification numbers, and medical records. In response, Conduent is offering impacted Volvo clients and staff complimentary identity monitoring services for a minimum of one year. These services include credit monitoring, dark web surveillance, and identity restoration support.
A company spokesperson stated that Conduent disclosed the cybersecurity event in April 2025 and is coordinating with clients to manage notifications. “We expect to send out all of the consumer notifications by April 15,” the spokesperson said. “A dedicated call center has been established to address inquiries. Currently, Conduent has no evidence of any attempted or actual misuse of the information involved.” The company advises notification recipients to consider placing fraud alerts or security freezes on their credit reports as an additional protective measure.
This is not an isolated incident for Volvo Group North America. The organization recently experienced another data breach due to a different third-party supplier, IT services firm Miljödata, in August 2025. That event exposed the personal information of 1.5 million people, including employees in Sweden and the United States. Separately, in 2021, Volvo Cars suffered a breach where hackers stole research and development data, which was later leaked online by a group known as ‘Snatch’. These repeated incidents underscore the critical need for robust vendor risk management and layered security defenses across complex corporate networks.
(Source: Bleeping Computer)
