Volvo Employees Hit by Massive Third-Party Data Breach at Conduent
Nearly 17,000 Volvo Group North America employees had their personal data exposed after cybercriminals breached Conduent, a major outsourcing provider handling workforce benefits and back-office services. The incident, disclosed in a filing with the Maine Attorney General, affected 16,991 individuals across the U.S., including three in Maine.
Attackers gained access to Conduent’s systems between October 21, 2024, and January 13, 2025, exfiltrating files tied to employees’ current or former health plans. Conduent detected the intrusion in January 2025, secured its systems, and launched a forensic investigation. However, Volvo only confirmed its workforce was impacted on January 21, 2026, a year after the breach was initially discovered, illustrating the prolonged fallout of vendor-related incidents.
The exposed data included names, with additional details varying by individual, though Conduent has not specified what other information was compromised. While there is no evidence the stolen data has been misused, affected employees were offered identity monitoring services.
The breach extends far beyond Volvo. Regulators continue to revise victim totals as Conduent and its clients analyze the full scope, with recent filings suggesting tens of millions of Americans may be affected. Conduent’s role in managing systems for Medicaid, unemployment programs, child support services, and employer benefits amplifies the breach’s reach.
The attack has been attributed to the SafePay ransomware group, which claims to have stolen multiple terabytes of data, though Conduent has not confirmed the attribution. The incident underscores the risks of prolonged unauthorized access, with attackers lingering in systems handling sensitive personal data for nearly three months.
This is not Volvo’s first third-party breach. In 2024, the automaker warned employees of exposed personal data after ransomware attackers targeted Miljödata, a Swedish HR software supplier, compromising names and Social Security numbers. That attack was claimed by the DataCarry ransomware group.
Source: https://www.theregister.com/2026/02/10/conduent_volvo_breach/
Conduent cybersecurity rating report: https://www.rankiteo.com/company/conduent
Volvo Group cybersecurity rating report: https://www.rankiteo.com/company/volvo-group