Data Breaches at Volvo and Stellantis Highlight Supply Chain Vulnerabilities

On September 29, 2025, the cybersecurity community was alerted to two significant data breaches involving Volvo Group North America and Stellantis, both stemming from vulnerabilities in third-party service providers.

Volvo confirmed that a ransomware attack on its HR software supplier, Miljödata, led to the exposure of sensitive employee information, including Social Security numbers. This incident underscores the potential risks of outsourcing critical functions, as attackers increasingly target less secure third-party systems.

Stellantis, on the other hand, reported a breach affecting over 18 million records associated with its Salesforce environment. This breach follows a troubling trend where attackers exploit flaws in widely-used platforms to gain unauthorized access to sensitive data.

These breaches raise important questions about the security measures organizations have in place to protect their supply chain and customer data. As the threat landscape continues to evolve, companies must prioritize third-party risk management and enhance their cybersecurity protocols to mitigate such risks.