Date of Incident:
October 21, 2024 – January 13, 2025
Overview:
The Conduent Data Breach, impacting Volvo Group North America, occurred between October 21, 2024, and January 13, 2025, and was reported on February 10, 2026. This breach exposed personal details of nearly 17,000 customers and staff, including full names, Social Security Numbers, dates of birth, health insurance details, ID numbers, and medical information. The breach involved unauthorized access using valid credentials and exploitation of web application vulnerabilities, leading to data exfiltration through SQL queries. Indicators of compromise included suspicious IP addresses, domain names, and malware file hashes. Additionally, a related breach at Miljödata in August 2025 affected 1.5 million people, highlighting supply chain vulnerabilities.
Impact:
Nearly 17,000 customers and staff of Volvo Group North America had their personal details exposed. Stolen data include full names, Social Security Numbers (SSNs), dates of birth, health insurance policy details, ID numbers, and medical information. A separate breach at Miljödata in August 2025, affecting 1.5 million people including Volvo Group employees, was also reported.
Details:
The Conduent Data Breach targeting Volvo Group North America involved unauthorized access to sensitive personal data of nearly 17,000 customers and staff from October 21, 2024, to January 13, 2025. MITRE ATT&CK techniques included T1078 (Valid Accounts) for credential access and T1190 (Exploit Public-Facing Application) as initial entry vectors, possibly through Conduent’s service portals. Proof-of-concept behavior indicated the use of stolen credentials combined with exploitation of web application vulnerabilities, with unauthorized SQL queries executed to exfiltrate SSNs, health insurance details, and medical information. IOCs include specific suspicious IP addresses related to the attackers, domain names used for command and control, and file hashes tied to malware deployed during lateral movement phases. Logs reveal anomalous login times, multiple failed authentications, and unauthorized database queries. Additionally, a secondary breach at Miljödata in August 2025 compromised 1.5 million records, including Volvo employees’ personal data, pointing to supply chain risk factors through third-party providers.
Remediation:
Volvo Group and Conduent issued advisories recommending immediate password resets and multi-factor authentication enforcement. Conduent deployed patches addressing critical vulnerabilities in their customer portals and strengthened network segmentation. Temporary mitigations include enhanced monitoring for anomalous access patterns, IP blocking of identified attacker infrastructure, and comprehensive security audits of third-party vendors. Users are advised to monitor credit reports and be vigilant against phishing attempts.
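The log patterns named under Details (anomalous login times, multiple failed authentications, unauthorized database queries) and the access monitoring recommended above can be checked with a small detection script. This is an added example, not code from Conduent, Volvo Group or the original report; the log format, account names, column names, allowlist and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events, not taken from the incident. Assumed line format:
# ISO timestamp, event kind, account, source IP, detail ("-" when empty).
SAMPLE_LOG = """\
2025-01-06T02:11:40 AUTH_FAIL portal_user7 203.0.113.24 -
2025-01-06T02:11:52 AUTH_FAIL portal_user7 203.0.113.24 -
2025-01-06T02:12:05 AUTH_FAIL portal_user7 203.0.113.24 -
2025-01-06T02:12:31 AUTH_OK portal_user7 203.0.113.24 -
2025-01-06T02:14:10 QUERY portal_user7 203.0.113.24 SELECT full_name, ssn, date_of_birth FROM members
2025-01-06T09:03:00 AUTH_OK hr_batch 192.0.2.10 -
2025-01-06T09:03:30 QUERY hr_batch 192.0.2.10 SELECT ssn FROM members WHERE member_id = 4411
2025-01-06T10:15:00 AUTH_FAIL alice 192.0.2.55 -
2025-01-06T10:15:20 AUTH_OK alice 192.0.2.55 -
"""

SENSITIVE = re.compile(r"\b(ssn|date_of_birth|policy_number|diagnosis)\b", re.I)  # assumed columns
ALLOWED_READERS = {"hr_batch"}   # assumed: accounts approved to read sensitive columns
BUSINESS_HOURS = range(7, 20)    # assumed working hours, 07:00-19:59
FAIL_THRESHOLD = 3               # assumed: failures before a success is flagged

def parse(log):
    # Yield (timestamp, kind, account, ip, detail) for each log line.
    for line in log.strip().splitlines():
        ts, kind, account, ip, detail = line.split(" ", 4)
        yield datetime.fromisoformat(ts), kind, account, ip, detail

def detect(log):
    """Return (account, finding) pairs in the order they are observed."""
    fails = defaultdict(int)  # consecutive failed logins per account
    findings = []
    for ts, kind, account, ip, detail in parse(log):
        if kind == "AUTH_FAIL":
            fails[account] += 1
        elif kind == "AUTH_OK":
            if fails[account] >= FAIL_THRESHOLD:
                findings.append((account, "success_after_failures"))
            if ts.hour not in BUSINESS_HOURS:
                findings.append((account, "off_hours_login"))
            fails[account] = 0  # a success ends the failure streak
        elif kind == "QUERY":
            if SENSITIVE.search(detail) and account not in ALLOWED_READERS:
                findings.append((account, "unauthorized_sensitive_query"))
    return findings

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

In the constructed sample only `portal_user7` is flagged: the approved batch account and the single mistyped password from `alice` stay below every threshold.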
Takeaway for CISO:
This breach underscores the critical risk posed by third-party service providers and the cascading impact on customer and employee data confidentiality. CISOs should prioritize stringent vendor risk management, continuous access monitoring, and rapid incident response capabilities. The incident is a strategic reminder to enhance zero-trust architectures and supply chain security controls.
