Volvo North America is the latest large organization to announce attackers accessed employee data after a ransomware attack struck its HR system provider.
It told staff recently that their first and last names, along with their social security numbers, were hit when cybercriminals raided Swedish software slinger Miljödata in August.
According to a disclosure [PDF] filed with the Massachusetts Attorney General’s office, the attack on Miljödata occurred on August 20, and the company discovered it three days later. Volvo’s data was confirmed to be affected on September 2.
“Miljödata immediately commenced an investigation to confirm the nature and scope of the incident and will continue to review their security policies, procedures, and tools as part of their ongoing commitment to information security.
“Miljödata has taken actions to implement enhanced security of the Miljödata hosted environment and, together with cybersecurity experts, has promptly launched an investigation into the attack. Miljödata is taking steps to prevent this type of incident from happening again, and Volvo Group is continuing to monitor and investigate the situation carefully.”
The DataCarry ransomware group claimed responsibility for the attack on Miljödata’s Adato system, and has Miljödata’s files available for download on its dark web-based site.
Adato is a system specifically designed to help organizations manage workers’ sick leave and the associated rehabilitation of their conditions. It’s accessed by human resources teams and the insights are fed back to managers who then support staff with their return to work.
While Volvo did not specify the exact scale of its breach, it is one of many large organizations to be caught up in the data raid, which according to HaveIBeenPwned included 870,000 unique email addresses among the trove of stolen files.
Other organizations were affected in different ways, and their disclosures suggested that only those who used the cloud-hosted Adato system had their data stolen.
Volvo only had names and SSNs exfiltrated, while other victims saw phone numbers, home addresses, genders, email addresses, and dates of birth also compromised, among other data types.
Sandra Helgadottir, the prosecutor leading the investigation into the attack, told the Sweden Herald that 1.5 million people are impacted by the attack overall.
Other organizations also confirmed to be affected include Swedish airline SAS, which said it used Adato until June 2021.
Current and former employees who joined the company before June 21, 2021, may have had their data stolen, including sick leave information in some cases, it confirmed.
Miljödata provides software to around 80 percent of Sweden’s 290 municipalities, and as The Register reported at the time, company CEO Erik Hallén confirmed on August 25 that the attack disrupted public services across 200 of these regions.
The City of Stockholm recently said it was among the slew of public authorities affected by the attack, despite not running any operational systems with the IT provider.
It said the pilfered personal data was taken from a production environment of a system due to be deployed for reporting and monitoring workplace incidents.
In addition to the aforementioned data types affected, it said employee accounts were included in the compromised data, as well as employment information such as how long an individual had worked for the city, and their role.
Chalmers University of Technology, Karlstad University, Örebro University, Lunds University, Linköping University, Umeå University, and the Swedish University of Agricultural Sciences all confirmed they were among the educational institutions also affected.
Uppsala University said it operated Adato on-premises, and was therefore unaffected. ®