Skoda’s online shop suffered a breach via an unspecified software vulnerability classified as CWE-284 (Improper Access Control), exposing customer names, contact details, and order history. Payment card data and passwords were not compromised. No CVE has been assigned, no vendor advisory has been published, and source quality for technical details is limited — this item is most relevant to organizations running comparable consumer-facing e-commerce platforms as a pattern reference and to any organization assessing GDPR notification obligations.