
Cyber Incident Victim: Volvo Cars

Date: Nov 2021

Location: Sweden

Summary

Volvo Cars experienced a security breach where unauthorized actors accessed a file repository, leading to the theft of a limited amount of research and development data. The intrusion, claimed by the Snatch extortion group, prompted an investigation with third-party experts and notifications to authorities, though the company stated no evidence indicated compromised customer vehicle safety or personal data. The attackers leaked a portion of stolen documents and emphasized their focus on data exfiltration rather than ransomware encryption. Operational impacts were acknowledged as possible, but specifics regarding the breach scope or mitigation measures were not publicly detailed.


Description

On November 30, 2021, the Snatch extortion group claimed responsibility for breaching Volvo Car Corporation’s servers, announcing the theft of company files on their data leak site alongside screenshots of stolen documents as evidence. Volvo Cars publicly disclosed the security incident on December 10, confirming that unauthorized third-party access to one of its file repositories had occurred, resulting in the theft of a limited amount of research and development (R&D) property. The company initiated an investigation upon discovery, collaborating with external cybersecurity experts and notifying relevant authorities. Volvo acknowledged the breach might impact its operations based on preliminary findings but asserted no evidence indicated compromised safety or security features in customer vehicles or exposure of personal customer data. The organization declined to comment on Snatch’s specific claims when contacted by BleepingComputer on December 1, emphasizing it would not speculate on potential cyberattacks while reaffirming its prioritization of cybersecurity standards and participation in industry best practices.


Snatch subsequently leaked 35.9 MB of allegedly stolen Volvo documents following their initial November 30 disclosure. The group clarified its operational focus on data exfiltration rather than ransomware, explicitly stating they did not encrypt victim data or demand decryption ransoms. Volvo’s breach notification did not specify the exact nature of the compromised R&D data, intrusion methods, or affected systems beyond referencing the illicit repository access. The company maintained its investigation remained ongoing with third-party support but provided no further technical details regarding containment measures, attack vectors, or full data exfiltration scope. No additional operational disruptions, financial impacts, or post-incident recovery actions were disclosed by Volvo beyond the initial confirmation of data theft and potential operational implications.
