Volvo had some R&D data stolen in security breach

Volvo Cars is investigating a cybersecurity breach and theft of a limited amount of the company’s research and development data. The data breach was reported Friday by the Swedish automaker.

The company said one of its file repositories had been illegally accessed by a third party. Investigations have revealed that a “limited amount of the company’s R&D property has been stolen during the intrusion,” the company said in a statement Friday.

Despite the limited amount, there may be an impact on the company’s operation, Volvo Cars said. without providing more details on the size of the breach or what was stolen. A Volvo spokesperson also declined to provide more information.

The company is working with an independent third-party researcher to investigate the property theft.

Volvo said it implemented security countermeasures, including steps to prevent further access to its property and notified relevant authorities after it detected the unauthorized access.

It appears that the theft was targeting company R&D data, not customer information. Volvo said it “does not see, with currently available information, that this has an impact on the safety or security of its customers’ cars or their personal data.”

The media outlet Inside-it, which was the first to report the breach, found a screenshot on the dark web that showed Volvo’s data was released on the website of a ransomware gang called Snatch.

A report released in fall 2021 by digital risk protection company CybelAngel found that the automotive industry is at severe risk of ransomware attacks due to the availability of hundreds of thousands of exposed credentials online.

The company’s six-month investigation of automotive companies found that highly sensitive information was leaked, including trade secrets, personally identifiable information, blueprints of engines and production facilities, confidential agreements, human resources documents and more. The company concluded that the these leaks occurred due to employee internal threats and external security weaknesses across the automotive supply chain.