Research and development data was stolen from Volvo after a cybersecurity breach, the company said in a statement Friday. There is no reason to think this doesn’t have the makings of a corporate espionage thriller. There is, sadly, also no reason to think it does, either.
The company’s statement on the matter is brief and does not give a timeframe. It also doesn’t say who might have done the stealing or what, exactly, was stolen.
Volvo Cars has become aware that one of its file repositories has been illegally accessed by a third party. Investigations so far confirm that a limited amount of the company’s R&D property has been stolen during the intrusion. Volvo Cars has earlier today concluded, based on information available, that there may be an impact on the company’s operation.
After detecting the unauthorised access, the company immediately implemented security countermeasures including steps to prevent further access to its property and notified relevant authorities.
Volvo Cars is conducting its own investigation and working with third-party specialist to investigate the property theft. The company does not see, with currently available information, that this has an impact on the safety or security of its customers’ cars or their personal data.
“Impact on the company’s operation” is so vague that it could mean virtually anything, from something major like setting back Volvo car development or it could be just a brief security hiccup. Still, automakers guard their R&D secrets zealously, to the degree that lifetime non-disclosure agreements are routine for many employees. These are not state secrets, exactly, either, but automakers have told themselves for decades that R&D is the special sauce, and Volvo is no different.
Another possibility is that this is a ransomware attack, which is perhaps why Volvo is being so vague. I asked Volvo for more details and will update this post if they respond.