Škoda Auto said attackers breached its online shop and stole personal data belonging to an undisclosed number of customers after exploiting a software vulnerability in the e-commerce portal, the company said in a security disclosure.
KEY FACTS
- Access method Attackers used an unspecified flaw in standard online store software.
- Data exposed Names, addresses, contact details, order information and login credentials were among the data accessed.
- Financial data Škoda said full credit card details were not stored in the shop system.
- Response The company said it fixed the flaw, reported the incident to authorities and sent it to forensic analysts.
The disclosure said the attackers temporarily gained unauthorized access to the store system. It said the exposed credentials included email addresses and a cryptographic hash of the password.
Škoda said it has no evidence that the access data was misused, but warned customers to watch for phishing attempts and possible account takeover attempts if they reused the same password elsewhere.
The company also advised affected people to monitor bank and card statements and contact their financial provider if anything unusual appears. It did not say how many customers were affected or whether it had contact with the attackers.
The incident follows similar disclosures by other carmakers in recent months, including Renault, Dacia and Jaguar Land Rover, which have also reported cyberattacks or data breaches affecting customers and operations.
WHY IT MATTERS
The case shows how a breach of an online store can expose personal and login data even when payment details are kept by third-party processors. It also highlights the risk of follow-on phishing and credential reuse after a customer database is accessed.