Truck, bus and industrial equipment maker Volvo Group North America is one of the several major companies impacted by a recent data breach at business services provider Conduent.
Conduent detected an intrusion on its network on January 13, 2025, and an investigation revealed that the hackers had access to its network since October 21, 2024. The attackers obtained personal information such as names, addresses, SSNs, dates of birth, health insurance data, and medical information.
The Safepay ransomware group took credit for the attack on Conduent in February 2025.
In recent notifications sent to impacted individuals on behalf of Volvo Group, Conduent indicated that it provides printing/mailroom, document processing, payment integrity, and other back-office support services to the companies affected by the data breach.
In the case of Volvo Group, the company told the Maine Attorney General that nearly 17,000 employees are affected. Volvo appears to have learned about the incident only in January 2026.
Based on data breach notifications submitted by Conduent in October 2025 to attorney general’s offices in various US states, the incident appeared to impact roughly 10 million individuals.
However, recent updates shared by the company with AGs indicate that the data breach affects more than twice as many people as initially believed. For instance, in Texas the number of affected individuals has increased from 4 million to 15 million. In addition, more than 10 million people from Oregon are also affected.
Conduent has yet to share any updates with the Maine AG, which requires companies to specify the total number of individuals impacted by a cybersecurity incident. In October, the company told the Maine AGO that 374 of the state’s residents had been impacted, but did not share the total number.
This is not the only third-party data breach affecting Volvo Group in recent months. In September 2025, the truck maker notified employees of a breach at Miljödata, a Swedish IT company that had been hit by ransomware.
UPDATE: After this article was published Conduent provided the following statement to SecurityWeek:
As previously disclosed in its April 2025 Form 8-K filing with the SEC, in January 2025, Conduent discovered that it was the victim of a cybersecurity incident. With respect to that incident, Conduent has agreed to send notification letters, on behalf of its customers, to individuals whose personal information may have been affected by this incident. In addition, a dedicated call center has been set up to address consumer inquiries. At this time, Conduent has no evidence of any attempted or actual misuse of any information potentially affected by this incident.
Upon discovery of the incident, Conduent acted quickly to secure its networks, restore its systems and operations, notify law enforcement, and conduct an investigation with the assistance of third-party forensics experts. In addition, given the nature and complexity of the data involved, Conduent has been working diligently with a dedicated review team, including internal and external experts, to conduct a detailed analysis of the affected files to identify the personal information contained therein, which was a time-intensive process.
Conduent takes this matter seriously and regrets any inconvenience this incident may have caused.
Related: European Commission Investigating Cyberattack
Related: Flickr Security Incident Tied to Third-Party Email System
Related: Substack Discloses Security Incident After Hacker Leaks Data
