Škoda Discloses Data Breach Affecting Online Shop Users Czech automaker Škoda Auto has confirmed a data breach impacting users of its online shop, stemming from a software vulnerability in the portal. The incident was detected through the company’s technical security monitoring. Upon discovery, Škoda took the shop offline, patched the exploited flaw, and engaged external forensics experts to investigate. Authorities were notified as part of the response. The breach exposed customer data, including names, addresses, email addresses, phone numbers, order details, and account information. While password hashes were accessed, Škoda stated that no credit card data was compromised, as payment details are processed externally. The company could not determine whether data was exfiltrated or the total number of affected individuals. While there is no evidence of misuse, Škoda advised users to monitor for phishing attempts and unauthorized logins. Founded in 1896 and a subsidiary of Volkswagen Group since 2000, Škoda operates in over 100 countries. The breach follows recent incidents involving other major companies, underscoring ongoing cybersecurity challenges in digital retail.

Volkswagen Faces Data Extortion Threat from 8Base Ransomware Group Volkswagen Group is responding to claims by the ransomware group 8Base, which alleges it stole and leaked sensitive data from the automaker. While Volkswagen maintains that its core IT infrastructure remains unaffected, the company’s statement leaves uncertainty about the full extent of the breach, suggesting a possible third-party compromise. The 8Base ransomware operation, active since early 2023, surfaced in September 2024 with claims of a major breach at Volkswagen. Known for its Phobos ransomware variant and double-extortion tactics, the group asserted it exfiltrated confidential files on September 23, 2024, threatening public release by September 26. Though no leaked samples appeared by the deadline, 8Base listed the stolen data on its dark web site, including: - Invoices and receipts - Accounting documents - Employee personal files and contracts - Confidentiality agreements - Certificates and personnel records The breach could involve financial and personal data across Volkswagen’s global operations, affecting brands such as Audi, Porsche, Bentley, Lamborghini, Škoda, SEAT, and Cupra. Security experts note that 8Base operates primarily as a data extortion group, prioritizing theft over encryption to pressure victims into payment. Since its emergence, the group has targeted over 400 organizations, often gaining access via phishing or purchased credentials. Volkswagen, headquartered in Wolfsburg, Germany, confirmed awareness of the incident but emphasized that primary IT systems were not impacted, hinting at a potential supply chain or partner breach. With 153 production plants worldwide and hundreds of thousands of employees, the exposure of sensitive data raises GDPR compliance concerns, with potential fines of up to 4% of global revenue if confirmed. The incident highlights the growing risk of third-party vulnerabilities in critical industries like automotive manufacturing. Investigations remain ongoing.

Škoda Auto Reports Data Breach After Online Shop Hack Škoda Auto, a Volkswagen Group subsidiary and one of Europe’s oldest automakers, has confirmed a data breach after attackers exploited a vulnerability in its e-commerce portal. The incident exposed personal information of an undisclosed number of customers, though financial data remained secure. The breach was detected through the company’s security monitoring, prompting Škoda to patch the flaw and launch a forensic investigation. Authorities, including data protection regulators, were notified. Compromised data includes names, addresses, contact details, order information, and login credentials specifically email addresses and hashed passwords. While payment details were not stored on the affected systems, Škoda warned customers of potential phishing attempts and credential-stuffing attacks due to reused passwords. The company has not disclosed the total number of affected individuals or whether ransom demands were made. This incident follows recent breaches at Renault, Dacia, and Jaguar Land Rover, underscoring growing cybersecurity risks in the automotive sector. JLR’s attack in September, for example, disrupted production and incurred over $220 million in losses. Škoda’s breach highlights the persistent threat to customer data in digital retail platforms.