Volvo Cars discloses security breach leading to R&D data theft

Image: Adam Cai

Swedish carmaker Volvo Cars has disclosed that unknown attackers have stolen research and development information after hacking some of its servers.

"​Volvo Cars has become aware that one of its file repositories has been illegally accessed by a third party," the company revealed today.

"Investigations so far confirm that a limited amount of the company's R&D property has been stolen during the intrusion. Volvo Cars has earlier today concluded, based on information available, that there may be an impact on the company's operation."​​​​​​

Volvo said it notified relevant authorities after discovering the incident and is now investigating the data theft together with third-party experts.

"The company does not see, with currently available information, that this has an impact on the safety or security of its customers' cars or their personal data," Volvo added.

Attack claimed by Snatch extortion gang

While the company did not disclose any other details on the breach, the Snatch gang has already claimed the attack.

The extortion group added an entry on their data leak site on November 30 about breaching Volvo Car Corporation's servers and stealing files during the intrusion, together with screenshots of the stolen files as proof.

Since then, Snatch has also leaked 35.9 MB of what they claim to be documents stolen from Volvo's servers during the intrusion.

Snatch Volvo leak page
Volvo leak page on Snatch's leak site (BleepingComputer)

The company refused to comment after BleepingComputer reached out to Volvo on December 1 for more details regarding the attack claimed by Snatch.

"Volvo Cars does not comment on speculation about potential cyber security attacks but takes all potential threats to its cyber security and thefts of its property seriously," Volvo said.

"Cyber security is an integral part and a top priority of our global development work and operations. Volvo Cars actively participates in and contributes to the international work on standardisation and best practices, and apply industry-accepted recommendations on cyber security."

When BleepingComputer emailed back and asked Volvo to confirm if the screenshots shared as proof by the Snatch extortion gang are of files stolen from its servers, a Volvo spokesperson replied with "We cannot comment any further."

Update December 13,18:46 EST: Updated article to clarify that Snatch is an extortion group.

We have nothing to do with projects created earlier under the same name. Note that the Snatch command does not encrypt the victim's data and does not require a ransom to decrypt the data. We are not ransomware. Our direction is data. We work with the data of our potential customers.

Related Articles:

Chipmaker Nexperia confirms breach after ransomware gang leaks data

INC Ransom threatens to leak 3TB of NHS Scotland stolen data

Nissan confirms ransomware attack exposed data of 100,000 people

Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach

Change Healthcare hacked using stolen Citrix account with no MFA