Volvo Group North America reports customer/staff data exposure after supplier Conduent breach, affecting nearly 17,000 records. Volvo Group North America disclosed an indirect breach after Conduent’s systems were compromised, with nearly 17,000 Volvo-related individuals having personal details exposed; Conduent describes a breach window spanning October 21, 2024 to January 13, 2025 and says stolen data may include full names, Social Security Numbers, dates of birth, health insurance policy details, ID numbers, and medical information, while the company continues to notify affected people on behalf of clients and provide identity monitoring, credit and dark web monitoring, and identity restoration for at least a year. The disclosure also notes that Volvo Group North America previously experienced another third-party-related exposure tied to Miljödata in August 2025. Our Red Team takeaway is blunt: supplier compromise routinely becomes “your breach” operationally and reputationally, even when your perimeter was never touched—so testing must include vendor trust paths (SSO links, service accounts, file transfer workflows, API tokens) and incident readiness for high-friction realities like rapid scoping of exposed identifiers, fraud-risk triage, and customer communications under time pressure.