What‌ Happened?

The Volvo Group ​and the University of Lund ‍were both​ affected by a ‌ransomware attack targeting Miljödata, a provider of human resources software. Volvo confirmed the breach and filed a data violation ‌notice with the Massachusetts attorney General’s ⁤office on September 24, 2025.The attackers gained access to employee files through ⁤Miljödata’s systems.

The attack leverages a new⁣ trend in cybercrime: AI-powered ransomware that utilizes​ chatbots ⁤to negotiate ransom demands with victims, increasing the sophistication and efficiency of extortion attempts.

Who​ is Affected?

The data breach impacts both current and former employees of Volvo and the University of Lund‍ who utilized Miljödata’s HR services. The specific number of individuals⁣ affected has not been publicly disclosed.

What⁤ Data Was Exposed?

While the exact nature of the compromised data hasn’t been fully detailed,‍ it includes personal information contained⁢ within employee files managed by Miljödata. This could encompass names, addresses, social security numbers, and other sensitive data, increasing the risk of identity theft and targeted phishing attacks.

response and Mitigation ⁣efforts

Volvo is offering affected ‌employees 12 ‌months ‌of free identity theft protection and credit ⁤monitoring services, along with a dedicated assistance line to address potential fraud ‍or​ misuse of personal data. ⁣As of September⁣ 26,2025,Volvo has not announced‍ plans for‌ direct financial ⁤compensation to ​affected individuals.

The University of‌ Lund is advising employees and former employees to be vigilant for‌ suspicious‍ calls, texts, or emails, warning that stolen data could be⁢ used in phishing schemes and ⁤other scams.