Overview
- Škoda says attackers exploited a flaw in its online shop software to gain temporary access to the store system.
- The company took the shop offline, fixed the vulnerability, brought in external forensics experts, and notified the data protection authority.
- Data in scope included names, addresses, email addresses, phone numbers, order details, and login emails with password hashes.
- Škoda says credit card numbers were not exposed because payments are processed by separate providers that do not store full details in the shop.
- The company says it cannot confirm whether any data were copied and is urging customers to change passwords and watch for phishing or unusual logins.