Škoda Auto, a wholly owned subsidiary of the Volkswagen Group, has disclosed a data breach after attackers hacked its online store and stole the personal information of an undisclosed number of customers.
The 130-year-old Czech automaker has over 34,000 employees and reported gross sales of more than €27 billion and a revenue of nearly €2 billion in 2025, having delivered over 1 million vehicles to customers.
As Škoda revealed, threat actors gained access by exploiting an unspecified vulnerability in the software of its e-commerce portal. After detecting the breach, the company reported the incident to the relevant authorities and has fixed the security flaw exploited in the attack.
“As part of our technical security monitoring, we found that unauthorized individuals had exploited a vulnerability in the standard software used for our online store. This allowed them to quickly gain unauthorized access to the shop system,” Škoda said. “The vulnerability has since been resolved, and the incident has been handed over to a specialized IT forensics team for technical analysis. Moreover, the incident was reported to the relevant data protection supervisory authority.”
The customer information accessed by the threat actors includes a combination of names, addresses, contact information (such as email addresses), phone numbers, order information, and login credentials (including the email address and a cryptographic hash of the password).
However, according to Škoda, the attackers were unable to access affected customers’ financial information because it was not stored on the compromised systems.
“Full credit card details are not stored in the shop system but are processed solely by the respective payment service providers. Based on current information, direct access to full credit card details was not possible,” the company added.
Additionally, while it said it has no evidence that the access data has been misused, Škoda warned affected individuals that phishing attacks might target them and that threat actors may try to log in to their other online accounts if they reused the same credentials.
“In the coming weeks, please be extra vigilant regarding emails, text messages, or phone calls that refer to your relationship with Škoda or to orders placed in the online store, especially if you are asked to enter login credentials, disclose confidential information, or click on links,” Škoda added. “It is also advisable to check your bank statements and credit card bills as usual and to immediately notify your bank or the relevant payment service provider if you notice anything unusual.”
A Škoda spokesperson was not immediately available for comment when BleepingComputer reached out for more information on the breach, including the total number of affected customers and whether the company had been in contact with the attackers about paying a ransom.
Škoda’s announcement comes after carmakers Renault and Dacia also disclosed a data breach affecting UK customers in October, exposing a range of personal and vehicle information, including names, addresses, and vehicle identification and registration numbers.
One month earlier, Jaguar Land Rover (JLR) was also hit by a cyberattack that led to a 43% decline in third-quarter wholesale volumes and cost the company over $220 million after severely disrupting the automaker’s manufacturing and retail operations.




